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ABSTRACT 


The primary purpose of this thesis is to examine the 
legal ramifications of conducting Government Agency 
contracting on the Internet. The author proposes that the 
Internet is a. suitable medium on which to process and 
conduct all aspects of Government contracting. The thesis 
examines the current legal issues surrounding contract 
formation across the open architecture of the Internet. The 
thesis then examines the latest cryptological schemes for 
both encryption and decryption and the logistical challenge 
of passing keys between participants. The thesis discusses 
current Federal agencies and current Federal policies 
regarding encryption and its suitability for Government 
contracting. The thesis also examines the latest efforts 
among State legislatures and commercial legal ramifications 


for contracting on the Internet. 
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I. INTRODUCTION 


A. BACKGROUND 

This paper proposes the Internet as an alternative 
method for contracting electronically in support of 
electronic commerce. This thesis demonstrates that, there 
are hurdles to contracting on the Internet. There are legal 
concerns about formation, signature, and the admissibility 
of electronic records. There are concerns about security. 
Numerous Federal agencies and . regulations must be 
satisfied. There is also the interface between Government 
and commercial contracting procedures that must be 
addressed. This thesis shows that although there is risk 
with contracting on the Internet, the risk is no greater 
than paper systems currently in place. Careful planning and 
prudent implementation procedures minimize whatever risk is 
involved with developing electronic contracting on the 
Internet. 

One of the recommendations of the National Performance 
Review is to increase the use of electronic commerce in 
Government. By the year 2000, the Federal Government plans 
to use computers to conduct 75 percent of all practicable 


transactions. [Ref. 66;p 35-49] 








“This activity can occur in ‘open systems’ such as on 
the Internet through e-mail and World Wide Web and in more 
‘closed’ systems such as those offered by EDI service 
providers” [Ref. 33]. 

To reach that transaction level, the Federal 
Acquisition Streamlining Act (FASA) of 1994 requires the 
Government to implement a Government-wide system for 
electronic commerce--the Federal Acquisition Computer 
Network (FACNET). [Ref. 66;p 35-49] 

FACNET is a closed system. Contractors register with 
third party Value Added Networks (VANs), VANS register with 
the Government. VANS monitor access to the- system. 
Regulated access makes the system more secure. 

Problems with FACNET and its implementation make 
alternative solutions necessary. Some of the problems are: 

e the central registry is not complete 

e the verification procedures are cumbersome 

e the information infrastructure is expensive and 

process errors have occurred in the past 

Although FACNET is’ barely two years. old, the 
Government Accounting Office (GAO) noted that it already is 


out of step with newer, faster, and more cost-effective 





approaches to Electronic Commerce (EC) such as_ the 


Internet. [Ref 66;p 35-49] 

An Internet solution requires a rethinking of the way 
participants conduct their business. One of the chief 
attributes of the Internet is the ease with which 
participants can connect to each other. One of the 
essential elements of Internet contracting is finding just 
the right level of legal predictability without too much 
regulation. Echoing that view, Ira Magaziner, senior 
advisor to the President for electronic commerce policy 
development, stated; 

Companies interested in developing in this area were 

concerned over the lack of a predictable, legal 

environment for conducting business electronically... if 

a digital signature represents different things for 

different countries, it is very hard to conduct 

business electronically. Also, people feared that the 

Government was going to come in and over-regulate, - 

tax and-censor the Internet and, as a result, strangle 

electronic commerce. [Ref. 50] 

No one solution to contracting electronically can 
last. Agreement from the majority of participants on how to 
contract electronically is years away at best. This thesis 


considers the current state of affairs in the electronic 


market place, the evolving character of law and technology, 











and mechanisms that allow growth and more robust technology 
insertion as time passes. 

Although change is a constant, several anchoring 
tenets run throughout this thesis. These principles are 
illustrated in a Clinton Administration policy paper; “A 


Framework for Global Electronic Commerce” ; 
e the private sector should lead 


e Government should avoid undue restrictions on 
electronic commerce 


e where Governmental involvement is necessary, the aim 
should support and enforce a predictable, 
minimalist, consistent and simple legal environment 
for commerce 


e the regulatory frameworks established over the past 
60 years for telecommunication, radio and television 


might not fit the Internet 


e electronic commerce oon the Internet should be 
facilitated on a global basis. [Ref. 2] 


B. OBJECTIVE 


The objective of this paper is to provide the legal 
and technical underpinnings for a legal and secure system 
of contracting on the Internet. 

FACNET, a closed system, is not operating at the 
volume it was originally planned for. The Internet is an 
“open” architecture system of computer interfaces that 


allows greater connectivity than FACNET . Greater 





connectivity allows easier access between parties. 
Connectivity is a prime attribute of doing business on the 
Internet. On the Internet, anyone with a modem can connect 
and perform business transactions with any other modem 
owner. 

This aspect of greater connectivity is the chief 
problem of contracting on the Internet. Greater 
connectivity makes it more difficult for participants to 
verify each other’s identities and that makes for an 
unstable business environment. 

The thesis addresses the Internet as a medium for 
exchanging contracting agreements and interacting in a 
business transaction. It answers the technical and legal 
questions surrounding Internet contracting. Finally, the 
thesis proposes an Interchange agreement structure and a 
benchmark Internet Public Key Infrastructure (PKI, see 
Appendix C) solution that allows reasonable measured growth 


as technologies and legal precedents evolve. 


C. §$RESEARCH QUESTION 


The primary research question is: What contract 
formation and authentication requirements are there to using 


the Internet for Government contracting. 








The following subsidiary research questions are 


addressed: 

A. What are some of the areas of contract formation 
and rules of evidence that need to be addressed 
before implementing a system of contracting on the 
Internet? 

B. What security measures exist that could aid 
security in electronic contract formation on the 
Internet? 

Cy What Federal Government agencies are involved with 
electronic contracting on the Internet and what 
guidelines are already in place? 

D What is the commercial sector and state 
legislatures doing about electronic contract 
formation? 

E. How can Federal agencies mitigate risk while 


implementing electronic contracting? 

D. SCOPE OF THESIS 

Any subject dealing with the Internet is broad in 
scope by nature. Contracting is also a broad topic that 
could deal with individual contracts, contractors, agencies 
or commodities. 

The scope of this thesis is limited to generic 
contracts for over $100,000 and is limited to contracting 
only with United States contractors. The thesis does not 


attempt to ‘prove the underpinnings of cryptology and 





cryptosystems other than to cite current expert opinion and 
current security regulations on the subject. The thesis 
proposes model interchange agreements and public key 
infrastructure agreements for contracting on the Internet 
that an Agency can then shape and mold to meet their 


specific requirements. 


E. METHODOLOGY 


The author uses one research method to answer the 
primary and subsidiary questions. The author conducts a 
comprehensive review of available literature dealing with 
contract rules of evidence, available cryptology methods, 
current Federal security requirements, and State 


legislative actions. 


F. ORGANIZATION OF STUDY 


This thesis is organized in the following manner: 
Chapter I is background and introduction. Chapter II 
examines the legal fundamentals of contract formation. It 
also examines how those rules apply to eee a contract 
electronically. Chapter III examines encryption and how it 
applies to electronic contracting. Chapters IV and vV 
discuss the current Federal environment concerning 


pertinent public laws, Agencies involved with creating 








security policies and current Government security policy. 
Chapter VI examines electronic contracting in the public 
sector using states and the Uniform Commercial Code as a 
proxy for non-Federal policy. Chapter VII provides an 
integrative analysis. Chapter VIII provides conclusions 
derived from the research and recommendations for future 


interchange agreements and public key infrastructure 


agreements. 





II. ELECTRONIC CONTRACT FORMATION 


A. INTRODUCTION 

Two precedent conditions of electronic contracting on 
the Internet require specific attention. One condition is 
meeting all the usual paper-based requirements that make up 
a legal basis for the contract itself. The other condition 
is ensuring that the information Bad terms and conditions 
that flow between the parties is what the parties have 
intended and agreed to in their negotiations. This second 
condition is, for the purpose of this thesis, a need for a 
secure, a bilateral electronic relationship. 

The two conditions are linked. The legal basis for a 
contract requires competent parties and certainty of terms 
among other issues. These requirements do not change when 
contracting electronically on the Internet. In the paper- 
based system, secure communications are manifested in the 
final, Signed contract. Contracting on the Internet 
requires additional electronic security measures to ensure 
the identities of the competent parties and to ensure that 
no terms or conditions were altered while transiting the 


open architecture of the Internet. This additional layer of 





security is discussed here and is covered more completely 
in Chapter III that deals with security. 

This chapter introduces the legal requirements of 
contracting in a paper-based system. This chapter builds 
upon that foundation to establish a legal basis for 
electronic contracting. This chapter introduces many of the 
basic machinations of evidentiary requirements’ that 
‘participants need to meet in a paper-based contract. The 
author describes these requirements as they exist and how 
they can extend to control the electronic environment in a 
defensible legal environment. 

The chapter suggests that a properly authenticated 
electronic contract meets all the requirements for 


executing a contract for all legal purposes. 


B. PAPER CONTRACTS 


A contract exists where an offer is made by cue pare 
(the offeror) to another (the offeree) to contract on 
specified terms. The offeree accepts the offer and gives 
scneeins of value to the offeror in return, generally a 
promise to pay the price specified. This something of 


value is consideration. [Ref. 29;p. 42] 
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The common law rules of offer and acceptance provide 
that a contract comes into existence at the time the 
offeree's acceptance of the offer (rather than a mere 
acknowledgement of the offer) is received by the offeror 
[Ref. 29;p.136]. One exception is where the communication 
of acceptance is by mail (assuming that postal acceptance 
1s valid) in which case the time at which the contract 
comes into existence is when notice of the offeree's 
acceptance of the offer is posted by the offeree to the 
offeror [Ref. 29;p. 167-170]. This concept is the mailbox 
rule. 

The rules also provide that the place a contract is 
formed is usually the place where notice of acceptance of 
the offer is received by the offeror or his agent [Ref. 
29;p. 132]. 

There is no general requirement that the offer, 
acceptance or evidence of consideration should be in 
writing or take any particular form except as noted in the 
Statute of Frauds (infra). 

Once a contract has come into existence, participants 
must consider the terms of that contract. The terms of a 
contract are those set out in the offer accepted by the 


offeree. The terms should be clear as to the: 
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e parties to the contract 

e subject matter of the contract 

e consideration 

An offer frequently provides that an additional body 
of terms form part of the contract unless there is some 
mention of a merger clause. A merger clause generally 
provides that all facets of the agreement are incorporated 
into the written document [Ref. 29;p. 457]. These terms 
would usually be the standard terms and conditions of one 
of the parties. 

Absent a merger clause, if a party wants to 
incorporate terms and conditions into the contract, these 
terms and conditions must be brought to the attention of 
the offeree and accepted by the offeree prior to or at the 
time of the contract coming into existence [Ref. 29;p. 
458]. 

This is why terms and conditions appearing on delivery 
tickets or invoices alone do not form part of a contract to 
buy or sell goods. At the time of invoicing and delivery, 
the parties have already agreed to the contract. 

However, terms and conditions appearing on the reverse 


of order forms would form part of the contract. These terms 
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and conditions can be agreed to by the parties before the 
contract is formed. 

This is the legal foundation of most of the paper- 
based contracting system in use today. There are over 200 
years of case law that further clarify how courts interpret 


particular aspects of contract formation or execution. 


Ce EVIDENTIARY REQUIREMENTS 


Case law on the evidentiary requirements of paper- 
based contracts is well established. The general precept is 
that the original agreement is brought before the court and 
the litigants argue their case. “That in proving the terms 
of a writing, where the terms are material, the original 
writing must be produced unless it is shown to be 
unavailable for some reason other than the serious fault of 
the proponent.” [Ref. 41] 

A party who wants to rely on a document as evidence in 
Court should produce the original. In the absence of the 
original, the Court may accept a copy, but it is for the 
party seeking to rely on it to prove the authenticity of 
the copy. 

Methods for establishing admissibility are the heart 


of the evidentiary process. Courts want an original 
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document because paper documents are hard to change without 
the change being obvious or recognizable. This may not be 
the case in an electronic environment. Without proper 
control, parties can change an electronic document without 
leaving any marks of how the original document read. This 
is an objection to accepting electronic documents. 

Judges, juries, attorneys and parties cannot make 

sound judgments regarding the credibility of 

computerized records by comparing fairly brief and 
understandable testimony with recognizable documents, 
as they could with traditional shop books. Unlike 
ledgers and books of payables, and receivables with 
individual items, .. computer printouts are not records 
at all,.. Because program changes or data manipulations 
can be accomplished without leaving any trace and 

without affecting the day-to-day operation of a 

computer system, both unintentional error and 

intentional fraud are difficult to discover behind a 

perfect-looking printout [Ref. 3]. 

If a party introduces a document into court that has 
been stored in digital form, proving’ the document 
represents the original thought or agreement could be 
difficult if there are no safeguards in place to prevent 
mistake or fraud. 

Case law on the enfaqrceability of electronic and other 
non-traditional methods of contracting is virtually non- 
existent. “This is not surprising when one considers that 


EDI, facsimile communications, and E-mail are relatively 


recent modes of communication [Ref. ll;p. 64].” 
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The best measure of how electronic documents will be 
received in court can be formulated only after examining 
the current evidentiary requirements in place for paper- 
based contracts. 


1 Statute of Frauds 


The English parliament, in 1677, drafted an Act for 
the Prevention of Frauds and Perjuries. That statute listed 
a series of ‘important’ contracts that would not be 
judicially enforced unless a memorandum signed by the party 
(or the party’s agent) to be charged was produced ([Ref. 
29;p. 82]. Those contracts were as follows: 

e Promises of an Executor or Administrator to pay the 

debts of the decedent's estate out of his or her 
own funds 


° Promises to pay the debts of another 


e Promises upon consideration that a marriage take 
place 


e Contracts for the sale of land 
e Contracts which are not capable of being fully 


performed within one year of the time of their 
making. [Ref. ll;p. 64] 
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State legislature have adopted comparable legislation, 
now known as the Statute of Frauds, in just about every one 
of our states. [Ref. 29;p. 82] 

The Statute of Frauds in the United States, in force 
Since the 1950’s, still brings protests and criticisms. The 
drafting committee working on Article 2 of the Uniform 
Commercial Code (U.C.C) is debating eliminating the Statute 
of Frauds as part of their upcoming rewrite of the 
U.C.C. [Ref. 44] 

The primary complaint for those seeking to roll back 
the Statute is that the Statute of Frauds causes more fraud 
than it prevents. According to this line of reasoning, the 
statute permits participants to avoid their obligations 
under an oral contract which actually had been made, simply 
because the "technical" or "formal" requirement for a 
Signed writing could not be produced. 

The original drafters of the U.C.C. kept the Statute 
of Frauds in place when dealing with the Sale of Goods. 
They rewrote the Statute; adding provisions designed to 
overcome the objections that detractors had aimed at the 
original statute. [Ref. 54; 259-280] 

The Statute of Frauds as embodied in the U.C.C 


requires an enforceable contract to be in writing, which is 
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signed by the party against whom enforcement is sought. 
"Writing" is defined by U.C.C. Section 1-201(46) to include 
Mune Vel eIneing, typewriting or any other intentional 
reduction to tangible form.” 

Signed is defined by U.C.C. Section 1-201(39) as 
“{A]ny symbol executed or adopted by a party with present 
intention to Sneneneiears a writing.” 

There was early difficulty with considering magnetic 
and electronic phenomena to be a "reduction to tangible 
form." It is a fair summary that most jurisdictions 
consider an electronic record to be a "writing" for Statute 
of Fraud purposes, [Ref. 60] particularly if the electronic 
record is capable of being eniaeed onto paper. 

Similarly, electronic records such as e-mail or fax 
communications which evidence directly or eincumawsaeie) ty 
the sender's assent and self-identification, have Seicmaig ie 
come to be considered "Signed writings" for purposes of the 
Statute of Frauds. [Ref. 64;p. 16.1-39] 

The bar to enforceability under the Statute of Frauds 
has always been subject to many exceptions, and opinion is 
building in favor of repealing the Statute of Frauds for 
the sale of goods and other purposes. [Ref. 53] Regardless 


whether the Statute is repealed or not, the important point 
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is that it appears unlikely that electronic records will be 
held unenforceable under the Statute of Frauds. 


2. Best Evidence 


The "best evidence rule," Federal Rules of Evidence 
(FRE) 1001(1), generally requires the use of the original 
of a writing or recording, defined as; 

Letters, words, or numbers, or their equivalent, set 

down by handwriting, typewriting, printing, 

photostating, photographing, magnetic impulse, 
mechanical or electronic recording, or other forms of 

data compilation [Ref. 32]. 

In the case of computer-produced information, FRE 
1001(3) defines the original to include printout or other 
output "readable by sight, shown to reflect the data 
accurately."[Ref. 3] 

The notion that the original is best is difficult to 
deal with in an electronic environment. The original in an 
electronic environment is merely a screen representation of 
the writing stored in random access memory. 

The stored copy is therefore, the first of many copies 
of the original manifestation on the screen. The primary 
obstacle for contract formation on the Internet is that the 


electronic media that the contract would be in can be 


easily altered without proper safeguards. 
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The Digital Signature Guidelines published by the 
Information Security Committee Science and Technology 
Section of the American Bar Association establishes 
guidelines that make a copy of a digitally signed message 
as effective, valid and enforceable as the original of the 
message. [Ref. 24;p. 88] 


Sis Hearsay 


The law of evidence regards all documents as hearsay. 
Accordingly, courts can admit documents only as one of the 
exceptions to the hearsay rule. If a computer produced the 
document, it is necessary to show that the computer was 
operating properly at all material times and that a person 
familiar with the use of that computer is able to give 
evidence to that effect. [Ref. 20;p. 107] 

Information presented in the form of a data message 

shall be given due evidential weight. In assessing the 

evidential weight of a data message, regard shall be 
had to the reliability of the manner in which the data 
was generated, stored or communicated, to the 
reliability of the manner in which the integrity of 
the information was maintained, to the manner in which 


its originator was identified, and to any other 
relevant factor. [Ref. 62] 
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4. Federal Rules of Evidence (FRE) 


a) FRE 1001(3) 


The original of a writing or recording as the 
writing or recording itself or any counterpart intended to 


have the same effect by a person executing or issuing it. 


b) FRE 1003 


A duplicate of the original is always admissible 
to the same extent as the original unless there is a 
genuine question as to the authenticity of the original or 


it would be unfair under the circumstances to admit. 


c) FRE 1004(1) 


If all originals are lost or destroyed (and if 
the proponent lost or destroyed them, he did not act in bad 


faith), then courts permit secondary evidence. 


d) FRE 1004(2) 


Courts permit secondary evidence if the original 
cannot be obtained through judicial procedures, such as 
when the original is in the hand of a third party who is 


beyond the jurisdiction of the court. 
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e) FRE 1004(3) 


Secondary evidence is admissible if the original 
is in the opponent’s hands and he, after notice, does not 


produce the original. 


f) FRE 1004(4) 
Secondary evidence is permitted if the writing is 


not closely related to a controlling issue in the trial. 


g) FRE 1005 


Certain types of copies may prove the contents of 
a Government record of Filing (including data 


compilations) . 


h) FRE 1006 


Summaries of voluminous writings or recordings 
may be admissible if the writings or recordings are 
available to the opponent 

The sum of all the noted FRE exceptions to admitting 
the original documentation or an electronic copy are to lay 
a foundation. If an electronic document can be proven to be 
an accurate representation of the manifestation to be 
bound, that evidence in an electronic format can be 


admissible and can be the basis for determining each 
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party’s respective duties and obligations. The evidentiary 
problem is not whether an electronic document is 
admissible. Rather, the court must determine if proper 
security arrangements are in place to satisfy the court 
that both parties are who they purport to be and that they 


have a written agreement determining their obligations. 


5. Parole Evidence 


The parole evidence rule as reflected in U.C.C. 2-202 
is unlike hearsay. Hearsay is a rule of evidence that bars 
some methods of proof to show a fact but permit that fact 
to be shown some other way. 

“The parole evidence rule bars a showing of the fact 
itself-the fact that the terms of the agreement are other 
than those in the writing [Ref. 29;p. 449].” 

Parties to a contract often reduce to writing part or 
all of their agreement, following the negotiation phase. 
“They do this in order to provide trustworthy evidence of 
the fact and terms of their agreement and to avoid reliance 
on uncertain memory [Ref. 29;p. 447] .” 

There are many reasons why oral communications do not 
produce perfect understanding. “One is that individual 


words (or phrases) often carry different meanings to 
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different persons. And, as many words and phrases are 
strung together over extended periods of time, such as 
often happens when contracts are being negotiated, the 
chances for misunderstanding are markedly increased [Ref. 


54;p. 259-280] .” 


a) Additional Terms 

Contract disputes usually arise not because there 
is a flaw in contract law. Contract law is only the 
framework from which an agreement hangs. Rather, disputes 
arise as to the interpretation or construction of the 
contract between the parties. [Ref 29;p. 445] 

Parties can attack a finalized written contract 
in court in two separate ways. One way is to present 
evidence that the agreement was actually different from or 
contradictory of the language in the writing. 

The other way is to claim that there are agreed 
terms in addition to the writing; terms which in no way 
contradict the writing and, indeed, are consistent with it. 
This, however, causes a problem where the other’ side 
insists that the eine contained all of the terms agreed 


to; that it was a completely integrated written contract. 
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“Under current Section 2-202, consistent 
additional terms--i.e., those that do not contradict the 
written terms of the weeiaesnay be admitted into evidence 
...unless the Court finds the writing to have been intended 
also as a complete and exclusive statement of the terms of 
the agreement [Ref 54;p. 259-280] ." 

In a paper-based system, the participants often sign 
and exchange the final contract. This serves’ several 


purposes: 


Evidence: A signature authenticates a writing by 
identifying the signer with the signed document. When 
the signer makes a mark in a distinctive manner, the 
writing becomes attributable to the signer. 

Ceremony: The act of signing a document calls to the 
signer’s attention the legal significance of the 
Signer’s act and thereby helps prevent inconsiderate 
engagements. 

Approval: In certain contexts defined by law or 
custom, a Signature expresses the signer’s approval or 
authorization of the writing or the signer’s intention 
that it has legal effect. 

Efficiency and logistics: A signature on written 
document often imparts a sense of clarity and finality 
to the transaction and may less the subsequent need to 
inquire beyond the face of the document. [Ref 24;p.4] 


Tf participants reach agreement on the Internet, they 
will not have a final, paneesbeced document with signatures 
exchanged. Until working relationships are established, 
participants will need to take greater care with electronic 


contracts. 
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b) Business Records Exception 


Although there are other avenues, the principal 
theory for admissibility of business records--both paper 
and electronic records--is the "business records exception" 
to the hearsay rule provided by FRE 803(6), and under 
various similar State statutes, providing: 


A memorandum, report, record, or data compilation, in 
any form, of acts, events, conditions, opinions, or 
diagnoses, made at or near the time by, or from 
information transmitted by, a person with knowledge, 
if kept in the course of a regularly conducted 
business activity, and if it was the regular practice 
of that business activity to make the memorandun, 
report, record, or data compilation, all as shown by 
the testimony of the custodian or other qualified 
witness, unless the source of the information or the 
method or circumstances of preparation indicate lack 
of trustworthiness. The term '‘'business' as used in 
this paragraph includes business, institution, 
association, profession, occupation, and calling of 
every kind, whether or not conducted for profit. [Ref. 
32] 


6. Admissibility 


Precautions regarding admissibility of evidence in 
court are intended to prevent tampering with documents 
after signature. Electronic means exist which can give 
equal certainty. 

For example, it is possible to compute the hash value 
of a document in digital form, and to send that to an 


agreed third party. If someone amends the document, the 
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hash value changes. Comparing the original hash value with 
a subsequent calculation authenticates the document. (Hash 
values Chapter III). 

“These electronic means, however, do not enjoy the 
years of tradition of more conventional means of 
authentication. Therefore, there is a greater risk that the 


document will not be regarded as admissible [Ref. 


20;p.331].” 


D. A BILATERAL ELECTRONIC RELATIONSHIP 


A new relationship runs concurrently with settled, 
legal, contractual relationships. “EDI trading amounts to a 
bilateral arrangement between, for example, a customer and 
a supplier giving rise to two separate legal relationships 
between them [Ref. 33] .” 

One relationship is the ordinary due course 
relationship, which would exist regardless of the mode of 
communication of trading data. Paper-based issues of 
contract formation already discussed apply. The new legal 
relationship arises from the act of passing electronic data 
between the parties. 

Tt is this second legal relationship that requires 


careful planning and precaution. Participants have to agree 
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to a secure means of transacting their business in an 
inherently unsecure, open architecture Internet system. The 
legal basis of contracting cannot be abrogated in this 
process. The system must be secure to ensure that all 
participants are who they say they are and that all 
participants have reliable evidence of their intent to be 
bound by a contract formed electronically. 

If the transmission is secure and the proper legal, 
paper-based requirements of offer, acceptance etc. are met, 
there should be no bar to forming a contract electronically 
instead of on paper. The key is being aware of a concurrent 
flow of responsibilities. 

Security systems and methods for securely transmitting 
data are available and can be put in place to meet the 
needs of electronic contracting. Specific security aspects 
of this new relationship are discussed more completely in 


Chapter III. 


E. CONCLUSION 


Contract formation principles on the Internet stay the 
same as in the paper-based system. The key difference is 
the method of ensuring that the information and terms and 


conditions that flow between the parties is what the 
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parties have intended and agreed to in their negotiations. 
A bilateral electronic relationship accounts for _ the 
additional electronic security measures needed to ensure 
the identities of the competent parties and their terms and 
conditions have not been altered while being transmitted on 
the Internet. 

A properly authenticated electronic contract meets all 
the requirements for executing a contract for all legal 


purposes. 
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III. ENCRYPTION AND SECURITY 


A. INTRODUCTION 


The Internet 1S open and broadly accessible, which 
makes it a difficult place for secure commerce. To be a 
viable alternative for commercial transactions, “any 
Internet-based system must be able to match the 
dependability and security of the traditional exchange of 
paper documents through the U.S. Postal System [Ref. 66;p 
35-49] .” 

Without this level of confidence, transactions on the 
Internet may be limited as participants maintain the safety 
and security of paper-based contracting. If Internet users 
do not believe that their communications and data are safe 
from interception and modification, they are unlikely to 
use the Internet on a routine basis for commerce. 

A concern is how easily someone can manipulate non- 
secure electronic documents without any telltale Signs of 
changes. Unsecured information packets can go through any 
number of computers on the way to reassembling at the 
target computer. Any number of ._opportunities exists to 


alter an unsecured document. 
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Security in an electronic contracting environment must 
include the following components: 


e the prevention of unauthorized disclosure of 
information 


e the prevention of unauthorized modification of 
information 


e the prevention of unauthorized withholding of 
information or resources [Ref. 13;p. 41] 


e verification that the information is real as opposed 
to unmodified; This is different than 
"authentication," which is a procedure used in 
computer systems to verify a user's identity and/or 
the unaltered state of the message 

e verification that the appropriate party owns or 
controls the access to the information [Ref. 56] 

These security concerns are reflected in numerous 

state electronic contracting legislative efforts and are 
Giscussed in Chapter VI. Cryptology and effective 


cryptosystems are one answer as to how information remains 


safe on the Internet. 


B. CRYPTOGRAPHY AND CRYPTOSYSTEMS 


Cryptography is the art of transforming information to 
ensure its secrecy or authenticity or both usually using 
algorithms of varying strengths. Cryptanalysis is concerned 


with breaking or defeating cryptography. A message before 
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transformation is called plaintext, and after 
transformation ciphertext. Transforming plaintext into 
ciphertext is encryption. Transforming ciphertext back to 
Original plaintext is decryption. A cryptosystem is a 
collection of algorithms. Algorithms have labels, which are 
keys. [Ref. 4;p. 350-377] 

Plaintext cannot be recovered from the ciphertext in a 
secure cryptosystem without using the decryption key. A 
strong cryptosystem has a large key space, which means that 
there are a large number of possible keys. In this way, it 
is not practical to use a trial and error method of trying 
a succession of possible keys to decrypt a ciphertext into 
its source plaintext. 

In a symmetric cryptosystem, a single key is both the 
encryption and the decryption key. The security of the 
cryptosystem depends on the secrecy of the key rather than 
the algorithm. 

In an asymmetric cryptosystem, separate encryption and 
decryption keys are used. A strong cryptosystem generates a 
ciphertext that appears random to standard statistical 
tests used to correlate a letter or character in the 


ciphertext to its counterpart in plaintext. 
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Cc. BASIC ENCRYPTION 


se Checksums 


A checksum is the Simplest form of digital 
fingerprint--a value, calculated from the content of other 
data that changes if the data upon which it is based 
changes. “Checksums have been used since the dawn of 
computing and are still the basis for error checking in 
some forms of the popular XMODEM file-transfer protocol 
[Ref. 49;p. 237] .” 

If the sum of all the numbers exceeds the highest 
value that a checksum can hold, the checksum equals the 
remainder that is left over when the total is divided by 
the checksum's maximum possible value plus 1. 

If A, who sent the document, calculated a checksum of 
X and B gets a checksum of Y, then the data were altered. 

The problem with checksums is that although 
conflicting checksums are proof that a document has been 
altered, matching checksums do not prove that the data were 
not altered. 

One can reorder numbers in the document and the 


checksum does not change. One can change individual numbers 


32 





in the document and manipulate others so that the checksum 
comes out the same. 

Capacity is another issue. If the checksum is also a 
i-byte value, then it cannot hold a number greater than 
255. If A uses 8-bit checksums, there is a 1 in 256 chance 
that two completely random data streams have the same 
checksums. 

Expanding the checksum length to 16 or 32 bits 
decreases the odds of coincidental matches, but checksums 
are still too susceptible to error to provide a high degree 
of confidence in the data they represent. [Ref. 49;p. 237] 


2. CRC 


Another way to fingerprint a block of data is to 
compute a cyclic redundancy check (CRC) value for it. 
Network adapters, disk controllers, and other devices have 
used CRCs for years to verify that what goes in aguas what 
comes out. Many modern communications programs use them to 
perform error checking on packets of data transmitted over 
phone tinee. 

The CRC technique protects blocks of data called 


Frames. Using this technique, the transmitter adds an extra 
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n- bit sequence to every frame called Frame Check Sequence 
(FCS). 

The FCS holds redundant information about the frame 
that helps the transmitter detect errors in the frame. The 
technique is popular because it combines three advantages: 

e Error detection capabilities 

e Little overhead 

e Ease of implementation. [Ref. 21] 

The CRC algorithm treats all bit streams as binary 
polynomials or strings of Os and 1s. Given the original 
frame, the transmitter generates the FCS for that frame. 
The FCS is generated so that the resulting frame is exactly 
devisable by some pre-defined polynomial. This pre-defined 
polynomial is the devisor or CRC Polynomial. [Ref. 21] 

The receiving end uses the same polynomial for the 
data and compares its result with the result appended to 
the message by the sender. If they agree, the data have 
been received successfully. If not, the sender can be 
notified to resend the block of data. [Ref. 22] 

Polynomial division is the basis of the mathematics 
behind CRCs. Each bit in a chunk of data represents one 


coefficient in a large polynomial. 
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Dividing a polynomial whose coefficients are defined 
in the CRC algorithm into the polynomial generated from a 
data stream yields a quotient polynomial and a remainder 
polynomial. The latter forms the basis of a CRC value. 

“If just one bit in a large block of data changes, 
there is a 100 percent chance that the CRC changes, too. 
Swapping two bytes or adding 1 to one and subtracting 1 
from another does not fool a CRC as it does a checksum.” 

The problem with a CRC value is that it does not stand 
up very well to intentional attacks. It is relatively easy 
for someone with access to a computer to generate a 
completely different file that produces the same CRC 
value. [Ref. 29;p. 237] 


3% Single Key Encryption 


Checksums and CRCs are just two of many different ways 
to check for message integrity. However, what is missing 
from that equation is security. Someone could change a 
message in midstream and simple algorithms cannot catch the 
change. Here is where more robust encryption schemes can 


provide both security and message verification. 
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Two broad categories of encryption schemes are Single 
key encryption (SKE) and dual key encryption (DKE). Public 
key encryption is another — for DKE. 

To implement encryption based on SKE technology, 
procedures are required to determine how keys are issued 


and controlled. [Ref. 56;p. 19] 


a) DES 

One form of SKE in use today is Data Encryption 
Standard (DES). Federal Information Processing Standard 
(FIPS) Publication 46 specifies DES as a standard. FIPS and 
its application is explained more fully in Chapter IV. 

This algorithm has a 56-bit key and encodes files 
in 64 bit blocks. DES is considered very secure, with 2°56 
or 7.6 X10°16 possible keys.[Ref. 4;p. 361] However, as 
processors become more powerful, DES becomes easier to 
compromise, as all these keys can be tested in a few hours 
on a supercomputer. To date, no one has cracked DES, but 
many opine that 56 key technology will soon yield a brute 
force breakthrough. [Ref. 40;p. 22] 

Triple DES, which uses 112 bit keys, uses a three-step 
process to encrypt data more securely than DES. It has been 


in use since 1979. 
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b) IDEA 

International Data Encryption Algorithm (IDEA) is 
designed to be more peeve than DES against brute force 
attacks. This system uses a 128-bit key and an eight-stage 
algorithm to resist cryptanalysis. The 128-bit key doubles 
the DES 56 bit key. 

The 128-bit key 1s used to generate 16 bit 
subkeys. It has a 64 bit block arrangement which is further 
subdivided into 16 bit sub blocks. There are eight rounds 
of encryption and a final transformation. Each round 
operates on four subblocks of plaintext and six subkeys, 
and the final transformation uses four subkeys. 

IDEA is patented in Europe but can be used for 
non-commercial applications without fee in the United 
States. It is widely used as part of Pretty Good Privacy 
(PGP). 


4. Dual Key Encryption 


A DKE, public key or asymmetric cryptosystem uses 
pairs of public and private keys that complement each other 
in performing encryption/decryption of a message. 

Lt 2A gence to send B a private message, A uses the 


listed public key of B to encrypt a message for privacy. 
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How A gets the listed key of B is discussed in the 
Certificate Authority (CA) paragraphs below. 

B applies the private key to decipher the encrypted 
private message. If A wants to digitally sign the message, 
A's message is authenticated and signed by hashing the 
message with a one-way hash algorithm, and then encrypting 
the hash with A's private key. Hashing and digital 
Signatures are discussed in this chapter. 

B then applies A's listed public key to verify that 
the message was signed by A, and that the message was not 
modified subsequent to A's signature. 

As stated before, the use of single key encryption is 
somewhat impractical because of the need to share keys with 
many people. DKE alleviates this problem. The concept of 
DKE cryptography is appealing because it simplifies some of 
the problems involved in secret key distribution. 

When applied to encryption, it allows a person sending 
a message to send a message that can only be read by the 
receiver, without having a need for the sender and receiver 
to agree on any secret key. 

There are some problems with DKE as well as 
alternatives. “In practice, the methods that have been 


developed for realizing public key encryption are 
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comparatively slow, and public key cryptography is 
generally used for encrypting session keys that are then 
used for a faster traditional single-key encryption method 


such as the DES [Ref. 38].” 


a) SKIPJACK 

NSA designed SKIPJACK and it is the encryption 
algorithm used in the Escrowed Encryption Standard (EES). 
EES was the standard that brought clipper chip to data 
security. 

SKIPJACK is classified. It uses an 80-bit key and 
works on 64 bit blocks of data. It uses 32 rounds of 
processing and can be used in all four operating modes 
defined by DES. 

There has been public testing and no one has been 
able to break SKIPJACK to date. Some people believe that 
the National Security Agency (NSA) has trapdoors in the 
algorithm that would allow the NSA or other agencies the 
opportunity to decipher the code without the private key. 
The NSA and other agencies involved in security are 


discussed in Chapter IV. 
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b) RSA 


Rivest, Shamir, and Adleman (RSA) pioneered this 
algorithm. The mathematics behind RSA is based on the fact 
that the product of two relatively prime numbers is simple 
to calculate, as a multiplication, but cannot be factored 
to find those two primes without considerable computational 
time and expense. [Ref. 34;p. 28] 

The key pairs from two random very large prime 
numbers are multiplied together to form the nucleus used to 
compute the two keys. In order to defeat the process, these 
prime factors must be calculated. For a 1024 bit key size, 
this calculation is considered impractical. This algorithm 
is secure enough for military or national security uses. 
The problem with RSA is that it is slow for large key and 
file combinations. 

RSA technology is the standard for the Society 
for Worldwide Interbank Financial Telecommunication banking 
network. It is in the X.509 international security standard 
and will become part of the Internet's upcoming Privacy 
Enhanced Mail standard. [Ref. 42] X.509 Standard is 


discussed more thoroughly in Chapter IV. 
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RSA is a public key cryptosystem that provides 
both encryption and authentication. It provides two 
features not found in DES: 


e a means for exchanging keys without the prior 
exchange of secret keys and digital signatures 


e the ability for any party to be able to send an 
encrypted message or verify a digital signature 
message using publicly available keys. 

RSA has a patent in the United States. It has 
become the standard for encrypting financial and other 
sensitive data transmitted over the Internet. Many 
companies using the Internet to transact business, 
including CyberCash, DigiCash, Microsoft and Netscape, have 
RSA licenses. MasterCard and Visa have agreed to jointly 
develop a technical standard (SET) using credit cards over 
the Internet based on RSA's encryption technology. [Ref. 
56;p. 19] 

In 1994, RSA Data Security's public’ key 
encryption technology was chosen to secure transactions and 
message exchanges over CommerceNet, a network designed to 
conduct electronic commerce over the Internet. CommerceNet 
is operated by the CommerceNet Consortium, a non-profit 
corporation funded by a three year, $6 million grant from 


the U.S. Government's Technology Reinvestment Project. 
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“CommerceNet will win over many skeptics who thought 
electronic commerce wasn't possible over the Internet [Ref. 
Z0)2" 

RSA currently licenses its encryption algorithms 
to companies including Netscape Communications, Microsoft, 
IBM, AT&T, Motorola, Apple Computer and Sun Microsystems. 
The RSA technology is also at the center of a proposed 
system for protecting credit card transactions on the 
Internet which is being developed by Visa International and 


MasterCard. [Ref. 37] 


c) PGP 


Pretty Good Protection (PGP) is a non-commercial 
encryption program designed for use on the Internet. PGP 
uses public key cryptography to encrypt files and email 
messages and to authenticate messages against alteration. 
PGP prompts the user for a secret phrase before encrypting 
a file. Only a party who knows the phrase can open the 
file. To send an encrypted email, the message is encrypted 
with the recipient's public key. The recipient uses his or 
her private key to decrypt the message. [Ref. 56;p.19] 

PGP works on the principle of public. key 


encryption. Every PGP user has two keys, each one a random 
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string of bits. One is a public key that is distributed to 
the world; the other is a secret key the user keeps to 
himself. 

Because the keys are unique, PGP has a second 
benefit: authentication. Even if the message is not 
encrypted, the recipient can tell it is from the sender 
alone as long as the sender used PGP to electronically sign 
it. (Ref. 14;p. E3] 

PGP has been widely deployed by both individuals 
and businesses around the world -in numerous application 
environments. PGP is both a program for encrypting and 
digitally signing data as well as a format for sendine 


encrypted messages. ([Ref. 36] 


D. KEY MANAGEMENT 


A weakness of any public key cryptography system is 
the need to reliably bind the identity of a person to that 
person's key. 

If there is no binding, then C, an imposter could list 
his own public key in a directory as the key of B, the 
intended recipient, and then intercept and decrypt a 
private message intended for B. Alternatively, if A wanted 


to digitally sign a message, C could insert his public key 
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as A’s public key. C would use his own private key to issue 
authenticated and signed messages in the forged name of A. 

One method of ensuring the secure binding of A’s 
public key to the identity of A, and the binding of B's 
public key to the identity of B, requires the assistance of 
CA, a trusted third-party who is sometimes referred to as a 
Certification Authority, or CA. 

A and B both present their public keys to the CA and 
the CA then adds a digitally-signed public key certificate 
to A's public key, certifying that "This is A's Public 
Key," and repeats the process with B's public key. 


ae Digital Key Certificates 


Digital certificates provide an electronic means of 
proving identity analogous to a driver's license or 
passport. A digital certificate binds a user's identity to 
a digital signature and is verified by a trusted third 
party. 

A digital certificate allows A to verify that a public 
key belongs to B. Thus, a digital certificate attempts to 
prevent someone from using a phony key and then 


impersonating someone else. 
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A digital certificate contains a public key and a user 
name. More complex digital certificates can include an 
expiration date, the name of the certification authority 
that issued the certificate, a serial number and the 
digital signature of the certificate issuer. 

The standard format for digital certificates is the 
ITU-T X.509 international standard from the International 
Telecommunication Union in Geneva, Switzerland. The x.509 
authentication scheme can use both secret- and public-key 
cryptography. While the standard does not require a 
particular algorithm, the specification does recommend 
using the RSA algorithm. Digital certificates verify a 
user's identity only, as opposed to allowing them to 
conduct a particular type of transaction. 


2% Certification Authority 


A certification authority (CA) is a trusted third- 
party that certifies the identities of certificate holders 
and their association with a given key. Once the CA 
determines that a request is genuine, it creates a 
certificate. 

After certification, for each message, A encrypts the 


message with its private key, and appends its public key. 
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A sends the public key with the message without encryption 
and it is signed and certified by the CA. B can use the 
public key sent with the message, or look it up 
independently, using the CA's~ public key = and_ the 
certificate. (Ref. 34;p. 28] 

Every certificate contains a serial number’ and 
expiration date. Additionally, there is a certificate- 
revocation list (CRL) that works like a "bad card" list for 
a credit card company. 

There are circumstances when certificates may need to 
be revoked and put on the CRL. If the Ree specified within 
the certificate has been compromised or if the user named 
in the certificate loses authority, the CA can put the 
certificate on the CRL. 


Two CAs can establish a trust relationship and issue 


certificates to one another. This is called cross 
certification. 
CAs generally publish their identification 


requirements and standards on their website. Most CAs will 
work the same way. A can generate a key pair and send the 
public key to an appropriate CA, with some proof of 
identity. The CA checks A’s identification and verifies 


that the request really did come from A. The CA then sends 
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A a certificate attesting to the bond between A and the 
public key, along with a hierarchy of certificates 
verifying the CA's pub key. A can present this 
certificate chain to demonstrate the legitimacy of the 
public key. 

For risk management, B can ascertain the appropriate 
level of Bene ence to the issued certificates. CA's with 
lower levels of identification requirements will produce 
certificates with lower levels of assurance. For major 
certificates, significant identification is required. It is 
all a matter of the level of security needed. [Ref. 59] 


3% CA Trust Models 


Essentially three different types of CA trust models 
exist eeaay: Central Authority; Hierarchical Authority; and 
Web of Trust. 

The Central Authority model is based on a_ single 
certification authority. This approach was used in early 
versions of Netscape. However, current versions of Netscape 
Navigator as well as Microsoft Explorer allow for the 
installation of alternative certification-authority public 


keys. [Ref. 59] 
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The Hierarchical Authority model is when one CA uses a 
digital certificate from another CA. The highest 
certification authority in the hierarchy is known as the 
top-level CA. At the very top of the hierarchy is the root 
public key. That root public key signs the certificates for 
all top-level certification authorities, which can then 
sign certificates £Or lower-level certification 
authorities. [Ref. 59] 

PGP uses the Web of Trust model. It allows anyone with 
a certificate to act as a CA by signing another 
certificate. This model is based on the assumption that, if 
A trusts B and B trusts C, then A can trust C. As for PGP, 
if A views someone's certificate with C’s signature, then A 
can trust that signature. The Web of Trust model moves the 
responsibility of trust to the user. [Ref. 59] 


4. Hashing function 


A hashing function is similar to a checksum, in that a 
relatively small hash code can be created from a large file 
which identifies that file. 

A one-way hash function takes messages of variable 
lengths to produce a hash of fixed length. Once the hash is 


generated, it is impossible to use the hash to "reverse 
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engineer" the message. Message digest function is another 
name for a one-way hash function. [Ref. 5;p. 375] 

Typically, hash values are at least 128 bits in 
length. The greater the length, the more difficult it is to 
reproduce the input or to find another set of input data 
that produces a matching result. [Ref.49;p. 237] The hash 
code is an integral part of a digital signature. 


Ss Digital Signatures 


“Authentication, nonrepudiation and integrity checks 
can be supported with a digital signature.” [Ref. 4;p. 373] 
A digital signature is a data element that cannot be forged 
and that verifies the identity of the party who wrote or 
otherwise agreed to the message to which the signature is 
attached. 

Hash algorithms are combined with public-key 
cryptosystems to produce digital signatures that guarantee 
the authenticity of a set of input data the same way a 
written signature verifies the authenticity of a printed 
document. [Ref. 49;p. 237] 

A hash function produces a message digest. The message 
digest is encrypted with A’s private key. This creates the 


digital signature. The digital signature is appended to 
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the message and sent to B. B decrypts the digital signature 
using A’s public key in order to recover the message 
digest. 

B hashes the message with the same hash function that 
A used and compares the result with the message digest 
decrypted from the digital signature. If they are the same, 
then the digital Signature has been verified as originating 
with the A.[Ref. 56;p. 19] 

Digital signatures are tied to message content so in 
some ways, digital signatures are more secure than written 
signatures. Because written signatures are not message- 
dependent, one signed paper document allows’ unlimited 
imitations by a skilled forger. Digital signatures do not 


suffer from this problem. [Ref. 34;p. 28] 


E. CONCLUSION 


The Internet is an open system, where the identity of 
the communicating partners is not easy to define. The 
communication path is non-physical and may include any 
number of eavesdropping and active interference 
possibilities. This makes Internet communication much like 
postcards in the mail, which anonymous recipients can 


answer. To be effective, these postcards must be able to 
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carry messages between specific endpoints in a secure and 
private way. 

The solution is to use encryption and certification. 

To encourage using the Internet for commercial 
transactions, the Clinton Administration is taking steps to 
alleviate security fears. “The Administration, in 
partnership with industry, is taking steps to promote the 
development of a market driven, public key infrastructure 
that enables trust in encryption and provide the safeguards 
that users and society needs [Ref. 2].” 

DKE provides a means to implement digital signatures. 
Separation of public and private keys allows users to sign 
their data with their secret key, allows others to verify 
their signatures with the public key, but allows the signer 
to keep their secret key private. 

The private key provides the link between the public 
key and the individual, and remains a valid link if the 
user properly maintains the secrecy of the private key. 

If for some reason a user's secret key for a digital 
Signature scheme is compromised, then the public key may 
need to be revoked. If it is known when the private key was 
compromised, then there is no nee to invalidate all of the 


documents that were signed before this date. 
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A digital signature serves the same purpose as a 
handwritten signature on a paper document. A digital 
Signature provides: 


e verification that the message originated with the 
party whose signature is attached 


e verification that the message has not been altered 
since the signature was attached 


e a means to preclude the "signer" from later 
disowning or repudiating the message by claiming 
that the message had been forged or altered after 
transmission. [Ref. 56;p. 19] ) 

With these security and encryption measures in place, 

commercial transactions can be made safe from interception 
or interference. If electronic contracts can be signed and 
the signer’s identity is securely appended to the 
electronic document, and if there is clear evidence that 
the contract has not changed terms or conditions during 
transmission, then there should be minimal questions as to 


the validity of the contract and its binding nature on both 


parties. 
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IV. FEDERAL REQUIREMENTS 


A. INTRODUCTION 

There are agencies, policy boards and regulatory 
committees in the Federal Government that have cognizance 
over computer security, Internet transactions and/or 
encryption concerns. Electronic contracting requires a 
‘coordinated approach from many different agencies and 
governing bodies before it can be viable. 

This chapter discusses the principal agencies, policy 
boards and regulatory committees that shape policy in these 
areas. The second half of the chapter discusses the primary 
legislation and regulation in place at this time that 
addresses electronic contracting or the background state of 
electronic information flow among agencies. Additionally, 
the chapter addresses the current state of Federal security 
policy. 
| This chapter is designed to provide a broad background 
of the participants and the laws or regulations that have 
the most impact on an Agency attempting to establish an 
electronic contracting system. This chapter does not 
address individual Agency’s interpretations of law or 


regulations. 
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B. AGENCIES 


Li NIST 


The National Institute of Standards and Technology 
(NIST) is a division of the Department of Commerce and was 
known as the National Bureau of Standards (NBS). NIST is 
chartered with spelling out security guidelines for 
unclassified information and has no authority in the 
classified world. [Ref. 10;p. 37] 

NIST issues standards and guidelines that it tries to 
get adopted by computer systems in the U.S. Official 
standards are published as Federal Information Processing 
Standards (FIPS) publications. (FIPS see Chapter V). 

In 1987 Congress passed the Computer Security Act, 
which authorized NIST to develop standards for ensuring the 
security of sensitive but unclassified (SBU, see Chapter V) 
information in Government computer systems. It encouraged 
NIST to work with other Government agencies and private 
industry in evaluating proposed computer security 


standards. [Ref. 18] 
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a) DES 


IBM developed DES in 1977 upon eiaee NIST 
accepted DES as a standard for encryption. This form of 
encryption uses a single key encryption algorithm. 

The drawback of DES is key management, which 
involves ensuring that User A and User B have arranged for 
possession of the appropriate key for decryption to occur 
or the secret distribution of the code. Due to these 
drawbacks, many encryption experts believe that DES is 
approaching obsolescence. [Ref. 52] 

For years, NIST has promised to come up with a 
public-key standard for the Government, just as it selected 
the DES as a private-key standard in 1977. A public-key 
Standard would help legitimize and promote the use of 
encryption by endorsing a technology that is far easier to 
use than DES.[Ref. 42;p. 1] DES isolated the Government 
from the commercial sector, international banking and the 
Internet community, most of which have thrown their support 


behind RSA. 


b) DSA 


The Digital Signature Algorithm (DSA) includes 


Signature generation and verification. Generation makes use 
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of a private key to generate a digital signature. 
Verification of the signature makes use of a public key 
that corresponds to the private key used to generate the 
Signature. 

NIST designated this standard for all Federal 
departments and agencies for the protection of unclassified 
information. This standard must be used in designing and 
implementing public key-based signature systems operated by 


Federal departments and agencies. [Ref. 58;p. 36] 


c) DSS 


NIST adopted the Digital Signature Standard (DSS) 
as the Federal standard for authenticating electronic 
documents. 

The DSS defines a public key cryptographic system 
for generating and verifying digital signatures. The DSS is 
used with the Secure Hash Standard (SHS) FIPS to generate 
and verify digital signatures. The Secretary of Commerce 
approved the DSS as Federal Information Processing Standard 


(FIPS) 186 (See Chapter V).[Ref. 31] 
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2. NSA 


The National Security Agency (NSA), part of the 
Department of Defense (DoD) handles classified national 
security issues. [Ref. 10;p. 37] 

NSA and its National Computer Security Center (NCSC) 
have responsibility for the security of systems. and 
telecommunications collectively known as national security 
systems. The President has designated the Director of NSA 
as the National Manager for computer security for national 
security systems. 

National security systems are the systems used by the 
U.S. Government that; 

e contain classified information 

e involves intelligence activities 


e involves cryptologic activities related to national 
security 


e involves command and control of military forces 
e involves a weapon or weapon systems 


®* involves equipment critical to military or 
intelligence missions. [Ref. 19] 


The NSA, through the NCSC, assists Federal departments 
and agencies with information security in issues related to 


national security systems. Services include risk 
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assessment, security planning, operations security, and 
identification of security measures. 

NSA assesses the vulnerabilities of information 
systems and provides recommendations on Information Systems 
Security (INFOSEC) countermeasures that an Agency needs to 


eliminate or reduce these vulnerabilities. 


3% DISA 

Defense Information Systems Agency (DISA) is 
responsible for planning, developing and supporting 
command, control, communications, computers and 


intelligence (C4I) and information systems that serve the 
needs of the National Command Authorities (NCA). 

The Agency is responsible for providing communications 
networks, computers, software, databases, applications and 
other capabilities that meets the information processing 
and transport needs of DOD users. 

It is the central manager of major portions of the 
Defense Information Infrastructure (DII see chapter V). It 
provides guidance and support on technical and operational 
and information systems issues and coordinates DOD planning 


and policy for the integration of C4I systems and the 
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insertion of leading edge technologies into the DII. [Ref. 
23} 

In its role supporting computer security, DISA 
recently purchased Netscape Communicator and associated 
server software. 

These products are capable of employing either 
per ewatewesed. pubiae key certificates and cryptography at 
medium assurance level, or FORTEZZA high assurance 
certificates and cryptography to secure web-based 
information access across a mix of Unix and Windows 
platforms. 

These products will be used as part of an effort to 
pilot a medium assurance Public Key Infrastructure (PKI, 
see chapter  V) in support of the Defense Travel 
System. [Ref. 23] | 


4. OMB 


The Office of Management and Budget is an office in 
the Executive Office of the President. 

OMB's predominant aiaaton is to assist the President 
in overseeing the preparation of the Federal budget and to 
supervise its AGiinieeeseicn in Executive Branch agencies. 


In helping to formulate the President's spending plans, OMB 
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evaluates the effectiveness of Agency programs, policies, 
and procedures, assesses competing funding demands among 
agencies, and sets funding priorities. OMB ensures that 
Agency reports, rules, testimony, and proposed legislation 
are consistent with the President's budget and with 
Administration policies. 

In addition, OMB oversees and coordinates the 
Administration's procurement, financial management, 
information, and regulatory policies. In each of these 
areas, OMB's role is to help improve administrative 
management, to develop better performance measures’ and 
coordinating mechanisms, and to reduce any unnecessary 
burdens on the public. In its role overseeing information 
technology, OMB has implemented several major regulatory 


policies that affect electronic contracting (see below). 


2 GAO 
The General Accounting Office (GAO) is the 
investigative arm of Congress. Charged with examining 


matters relating to the receipt and disbursement of public 
funds, GAO performs audits and evaluations of Government 


programs and activities. 
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Over the years, the Congress has expanded GAO's audit 
authority, added new responsibilities and duties, and 
strengthened GAO's ability to perform independently. 

Supporting the Congress is GAO's fundamental 
responsibility. In meeting this objective, GAO performs a 
variety of services; the most prominent of which are audits 
and evaluations of Government programs and activities. 

Other assignments are initiated pursuant to standing 
commitments to congressional committees, and law 
specifically requires some reviews. Finally, some 
assignments are independently undertaken in accordance with 
GAO's basic legislative responsibilities. 

In support of this mission, GAO has issued decisions 
that have affirmed the status of electronic contracting. 

6. National Computer System Security and Privacy 


Board (PSSPB) 


Congress established the CSSPB as a public advisory 
board in the Computer Seceriey Act of 1987. The Board is 
composed of twelve members and a chairperson who are 
recognized experts in the fields of computer’ and 
telecommunications systems security and technology. 


The duties of the Board are: 
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e to identify emerging managerial, technical, 
administrative, and physical safeguard issues 
relative to computer systems security and privacy 


e to advise NIST and the Secretary of Commerce on 
security and privacy issues pertaining to Federal 
computer systems 

e to report its findings to the Secretary of Commerce, 
the Director of the Office of Management and Budget, 


the Director of the National Security Agency, and 
the appropriate Committees of the Congress. [Ref. 18] 


Cc. LEGISLATION AND OMB CIRCULARS 


Ls Computer Security Act 


In 1987, the U.S. Congress enacted a law reaffirming 
that NIST was responsible for the security of unclassified, 
non-military Government computer systems. Under the law, 
the role of the NSA was limited to providing technical 
assistance in the civilian security realm. Congress felt 
that it was inappropriate for a military intelligence 
Agency to have control over the dissemination of 
unclassified information. 

The specific purposes of the Act was to assign NIST 
responsibility for developing standards and guidelines for 
Federal computer systems, including standards and 


guidelines security and privacy of sensitive information in 
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Federal computer systems. The Act allows NIST to seek the 
technical advice and assistance of NSA. [Ref. 18] 

The law was enacted after President Reagan issued the 
National Security Decision Directive (NSDD) 145 in 1984. 
The Reagan directive gave NSA control over all Government 
computer systems containing SBU information. A _ second 
directive issued by National Security Advisor John 
‘Poindexter that extended NSA authority over non-Government 
computer systems followed this. 

The Act established minimum acceptable security 
practices for systems. The Act specifies several areas that 
require attention and specific action among the agencies 
involved. 

Section 20(c) requires that NIST use computer system 
security guidelines developed by NSA to the extent that 
those guidelines are consistent with the requirements for 
protecting sensitive information in Federal computer 
systems. 

The Act replaced Section 11(d) of the Federal Property 
and Administrative Services Act of 1949 with new language 


that: 
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e empowers the Secretary of Commerce, through NIST, to 
promulgate standards and guidelines pertaining to 
Federal computer systems, making the standards 
compulsory 

e authorizes a Federal Agency to employ standards that 


are more stringent than the standards promulgated by 
the Secretary of Commerce 


e provides that the standards may be waived by the 
Secretary of Commerce if compliance would adversely 
affect the accomplishment of the mission, or cause a 
major adverse financial impact on the operator which 
is not offset by Government-wide savings. [Ref. 18] 


2 OMB Circular A-119 


OMB A-119 establishes policies to improve the internal 
management of the Executive Branch. Consistent with the 
National Technology Transfer and Advancement Act of 1995, 
the Circular directs agencies to use voluntary consensus 
standards in lieu of Government-unique standards except 
where inconsistent with law or otherwise impractical. It 
provides guidance for agencies participating in voluntary 
consensus standards bodies. 

The Circular was intended to reduce to a minimum the 
reliance by agencies on Government-unique standards. [Ref. 
15] This Circular and its goals are consistent with 


acquisition streamlining goals that push for commercial 
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procedures in lieu of Government standards and military 
specifications. 

The Circular applies to all agencies that use 
standards and participate in voluntary consensus standards 
activities, except for activities carried out pursuant to 
treaties. The goals are: 

e eliminate the cost to the Government of developing 

its own standards and decrease the cost of goods 
procured and the burden of complying with ngSReY 


regulation 


e provide incentives and opportunities to establish 
standards that serve national needs 


e encourage long-term growth for U.S. enterprises and 
promote efficiency and economic competition through 
harmonization of standards 

e further the policy of reliance upon the private 
sector to supply Government needs for goods and 
services. 

The thrust is to make agencies use voluntary consensus 

standards, both domestic and international, in its 
regulatory and procurement activities in lieu or 


Government-unique standards. [Ref. 15] 


3. OMB Circular A-130 


OMB Circular A-130 mandates that, as a part of 
protecting computer systems, agencies incorporate computer 


security in the system acquisition process. 
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The Computer Security Act of 1987 and this circular 
mandated that Agencies protect automated information and 
the resources used to process it. 

To accomplish this goal, computer security and Federal 
information processing (FIP) procurement must be 
integrated. The integration is accomplished by 
incorporating computer security into all phases of the 
‘procurement cycle: planning, solicitation, source 
selection, and contract administration and closeout. 

NIST has prepared a Sample Statement of Work for 
Federal Computer Security Services, which provides 
assistance to agencies that are contracting for computer 
security services, such as performing a risk analysis. 


4. AECA 


Until 1992, the U.S. State Department according to the 
ITAR (International Traffic in Arms Regulations) regulated 
the export of cryptography. [Ref. 1] 

The State Department, both on its own volition and as 
advised is DoD and NSA, directly regulates the export of 
cryptography for reasons of national security. 

The U.S. Government considers cryptography to be a 


defense article or a munition. There are some exceptions, 
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in which the State Department relinquishes jurisdiction in 
favor of the Bureau of Export Administration (BXA) within 
the Commerce Department, for certain types of cryptographic 


products, typically those employing no or weak encryption. 


D. CONCLUSION 


The principal agencies exert control over what will be 
the electronic contracting network. Several agencies and 
several regulatory bodies exert influence in various 
aspects of electronic contracting. Additionally, there are 
overarching goals and standards that the bodies are trying 
to design or adhere to when they conduct their business. 

The chapter shows that, while there are agencies in 
charge and rules assigned, there is both overlapping and 
conflicting authority as well as policy coverage gaps where 


no Agency has the lead. 
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V. STANDARDS 


A. INTRODUCTION 


Standards have become critical elements in planning 
for information systems. Different systems and networks 
must be interconnected for secure, reliable and accurate 
transmission and processing of the information. 

On the other hand, standards are not rigid. There is 
room for interpretation in any electronic standard. This 
chapter highlights some of the current standards and 
overarching network visions in use today. 

This chapter covers the primary standards in place at 
the Federal level for electronic transactions. The focus is 


on security and current Federal policy. 


B. FIPS 


The Computer Systems Laboratory (CSL) of NIST develops 
Federal Information Processing Standards Publications (FIPS 
PUBS). CSL issues FIPS under the provisions amended by the 
Computer Security Act of 1987, Executive Order, and Part 6 
of Title 15 Code of Federal Regulations. 


The goals of the FIPS program are to: 


e improve the life-cycle efficiency and effectiveness 
of Federal information technology resources 
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e facilitate the competitive and economic procurement 
of systems, components and services 


e improve the portability of data, software, and 
technical skills across systems 


e protect systems and networks against unauthorized 


access, manipulation, abuse, and protect information 
from unauthorized modification or disclosure 


e reduce waste, errors, and unnecessary duplication in 
the application and use of systems 


e increase the productivity of the Federal 
workforce. [Ref. 48] 


CSL develops standards, guidelines, test methods, 
technical agreements, management, physical, and 
administrative standards for the security and privacy of 
sensitive information in Federal computer systems. These 
activities support both Government and industry. 

CSL participates in the development of national and 
international industry standards. They promote open 
systems. The goal is commercial-off-the-shelf products and 
services that will serve the needs OL users 
everywhere. [{Ref. 48] 


se FIPS 46-2 


The Data Encryption Standard (DES) specifies an 


approved cryptographic algorithm as required by FIPS 140-1. 
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The key is a 64 binary digits ("O"s or "1"s) of which 
56 bits are randomly generated and used directly by the 
algorithm. The other 8 bits are used for error detection. 

Data that are considered sensitive (see SBU), that 
have a high value should be protected if they are 
vulnerable to unauthorized disclosure or undetected 
modification during transmission or while in storage. 

Cryptographic devices and their technical data are 
subject to Federal Government export controls as specified 
in Title 22, Code of Federal Regulations, Parts 120 through 
128. Exports of cryptographic modules implementing this 
standard and their technical data must comply with these 
Federal regulations and be licensed for export by the U.S. 
Department of State. 

Other exports of cryptographic modules implementing 
this standard and their technical data fall under the 
licensing authority of the Bureau of Export Administration 
of the Department of Commerce: The Department of Commerce 
is responsible for licensing cryptographic devices used for 


authentication, access control and proprietary software. 
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2 FIPS 113 


This standard specifies a Data Authentication 
Algorithm (DAA) which may be used to detect unauthorized 
modifications to data. 

The standard is based on DES and is compatible with 
both the Department of the Treasury's Electronic Funds and 
Security Transfer Policy and the American National 
Standards Institute (ANST) Standard for Financial 
Institution Message Authentication. [Ref. 17] 


3. FIPS 140-1 


This establishes the security requirements that are to 
be satisfied by a cryptographic module implemented within a 
security system. It provides four increasing levels of 
security intended to cover a wide range of potential 
applications and environments. 

The security requirements cover basic design and 
documentation, module interfaces, authorized roles and 
services, physical security, software security, operating 
system security, key management, cryptographic algorithms, 
electromagnetic interference/electromagnetic compatibility 


and self-testing. [Ref. 48] (See also DoD 5200.28 below) 
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4. FIPS 171 


This standard adopts .ANSI X9.17 and specifies a 
particular selection of options for the automated 
distribution of keying material by the Federal Government 
using the protocols of ANSI X9.17. ANSI X9.17 defines 
procedures for the manual and automated management of 
keying materials and uses DES for key management. [Ref. 48] 


Ds FIPS 180-1 


The Secure Hash Algorithm (SHA-1) is for computing a 
condensed representation of a data file. When a message of 
any length less than 264 bits is input, the SHA-1 produces 
a 160-bit output called a message digest. The message 
digest can be input to the DSA which generates or verifies 
the signature for the message. 

The SHA-1 is secure because it is impractical to find 
a message which corresponds to a given message digest, or 
to find two different messages which produce the same 
message digest. Any change to a message in transit results 
in a different message digest, and the signature fails to 


verify. 
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This standard is required for use with DSA as 
specified in the DSS and whenever a secure hash algorithm 
is required for Federal applications. [Ref. 48] 


6. FIPS 185 


The Escrowed Encryption Standard (EES) provides an 
encryption/decryption algorithm and a Law Enforcement 
Access Field (LEAF) creation method, which agencies can 
implement in electronic devices and use to protect 
Government telecommunications. 

The LEAF is used in a key escrow system that provides 
for decryption of telecommunications when access to the 
telecommunications is lawfully authorized. [Ref. 48] 

The algorithm of EES is Skipjack (chapter III) 
developed by NSA. The Clipper Chip portion of EES pertains 
to digital telephony, and projects the use of a hardware- 
implemented Skipjack algorithm. 

EES requires that one of the keys be split in two and 
held in escrow by two Government custodians. This allows a 
Government law enforcement Agency to obtain the keys from 
the escrow custodians, enabling the Government to eavesdrop 


on the otherwise confidential communications. 
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7. FIPS 186 


This Standard specifies a DSA appropriate for 
applications requiring a digital signature. The DSA is a 
pair of large numbers represented as strings of binary 
digits. Signature generation and verification are through a 
public key/private key arrangement. 

The message digest is input to DSA to generate the 
Gieieai Signature. The digital signature is sent to the 
intended verifier along with the data. 

The receiver verifies the signature by using the 
sender's public key. The hash function is specified the 
Secure Hash Standard (SHS), FIPS 180. 

This standard must be used in designing and 
implementing public-key based signature systems which 
Federal departments and agencies operate or which are 
operated for them under contract. 

DSS is mandatory for use by Federal agencies and their 
contractors. [Ref. 61;p. 10] However, it seems that NIST- 
eeandeea cryptography such as the Escrowed Encryption 
Standard (EES) and DSS are hardly used in Government, and 


virtually not at all by industry. 
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C. DOD 5200.28-STD 


The NCSC published 36 books known as the Rainbow 
Series. Each book in the Rainbow Series details a specific 
aspect of computer security. One of the first is the Orange 
Book, officially titled the Department of Defense Trusted 
Computer System Evaluation Criteria (TCSEC). 

The Orange Book identifies four security levels, 
ranging from Division D to Division A. The levels in use 
currently are D, Cl, C2, Bl, B2, B3, and Al. 

Each level sets a minimum security threshold that a 
system must meet in the hardware, software, operating 
system or firmware. 

Divisions are segmented into classes. Each rating 
outlines system requirements based on security policy, 
accountability, assurance, and documentation, and builds 
upon the prior rating. 


se Division D 


The least secure rating is Division D--minimal 
protection of a computer network. According to the Orange 
Book, this division contains only one class. It is reserved 


for those systems that have been evaluated but that fail to 
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meet the requirements for a higher evaluation class. 


Products or systems in this class are not secure. 
Zs Division C 


Level C is discretionary protection where information 
is provided on a "need-to-know" basis. Division C systems 


are nominally secure. 


a) Cl. 


A Class Cl rating means user access to files is 
controlled, although files can be shared. Users must 
identify and authenticate themselves, and data must be 
protected from unauthorized users. The trusted computer 
base (TCB) should protect itself from outside tampering. 
The Cl rating requires periodic testing of the hardware and 


software on the system. 


b) C2. 


The 1987 Computer Security Act requires that all 
Federal agencies with sensitive but unclassified (SBU) 
information protect their systems to the C2 level or 


equivalent [Ref. 18]. C2 systems must limit users' access 
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to data. Only authorized individuals can assign access 
rights to individuals or groups of users. The TCB has to 
create an audit trail and protect against unauthorized 
access, changes, or destruction of the audit trail. The 
audit has to monitor the time and date, type, and success 


or failure of each event. The TCB needs to record: 


e user identification and authentication 
e which files or programs a user uses 
e when and which objects are deleted 


e the actions of computer operators, system 


administrators, and/or system security officers 


e ‘other security-relevant events’ 


3. Division B 


Division B is Mandatory Protection. This division uses 
sensitivity labels to determine whether a user can access a 


particular object. 


78 





a) Bi. 


Class Bl requires an informal statement of the 
security policy model, data labeling, and mandatory access 
control. The Bil class establishes security clearances as 
well. The TCB also checks to make sure that the security 
clearances of outside parties were granted by an authorized 
user. Audits at the Bl level must also record an object's 
security level and track activities based on user identity 


and/or object security level. 


b) B2. 


This level requires a formal security policy and 
proof that the system upholds that policy. The B2 system 
must include a mechanism to guard against outside or 
unauthorized interference or tampering. Least privilege is 
enforced. Least privilege grants the user the most 
restrictive clearance required to complete the task. 
Hardware is used to separate objects with differing 
attributes, and user interfaces to the TCB must be defined 
and all elements identified. The operator and administrator 


functions must be separate. 
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c) B3. 


Class B3 is the highest rating in Division B, and 
the second-highest Federal security level. A B3-rated TCB 
is highly resistant to penetration and is tamperproof. Code 
that is not essential to enforcing the security policy is 
excluded. B3 systems are designed to minimize complexity. 
The system supports a security administrator and an audit 
mechanism that signals security-relevant events. B3 is also 
the first level that addresses system-recovery procedures. 


4. Division A 


Class Al signifies the most secure Federal 
system. Al systems must cite a formal model of the security 
policy and include mathematical proof that the model 
Supports the policy. Beyond Al, the Orange Book suggests 
the possibility of a future class, based on advanced 


technologies as a means for advancing the standards. 


D. DI 


The Defense Information Infrastructure (DII) is a 
planned web of communications networks, computers, 
software, databases, applications, weapon system 


interfaces, data, security services, and other services. 
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The DII Master Plan provides the baseline description of 
DII policy, guidance, strategies and initiatives. It is a 
management tool for identifying DII voids, discrepancies, 
issues, and opportunities. [Ref. 23] 

The DII is akin to the National Information 
Infrastructure (NII) that is seeking to link all aspects of 


the Federal Government in a seamless computer web. 


EB. SBU 


Sensitive But Unclassified (SBU) information is 
information where the disclosure, loss, misuse, alteration, 
or destruction of which could adversely affect national 
security or other Federal Government interests. 

National security interests are those unclassified 
matters that relate to the national defense or the foreign 
relations of the U.S. Government. 

Other Government interests are those related to the 
wide range of Government information or commercial 
proprietary information provided to the U.S. Government. 

"Federal Departments and Agencies shall ensure that 
telecommunications and automated information systems 
handling SBU information protects such information to the 


level of risk and magnitude of loss or harm that could 
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result from disclosure, loss, misuse, alternation, or 
destruction [Ref. 47]." Federal contracting information 


falls into the SBU category and requires special security. 


F. X.509 


Most public key certificates available today are based 
on an international standard ITU-T X.509 version 3. 

NIST has developed a hybrid architecture specification 
based on both a hierarchical and a network architecture 
model in the document, Public Key Infrastructure (PKI) 
Technical Specifications: Part C - Concept of Operations. 

This standard defines a certificate structure that 
includes several optional extensions. The use of X.509 v3 
certificates is important because a provides 
interoperability between PKI components. Provisions in the 
X.509 standard enable the identification of policies that 
indicate the strength of mechanisms used. 

The rules expressed by certificate policies are 
reflected in certification practice statements (CPSs) that 
detail the operational rules and system features of CAs and 
other PKI components. 

By examining a CA’s CPS, users can determine whether 


to obtain certificates from it, based on their security 
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requirements. Other CAs can also use the CPS to determine 
if they want to cross-certify with that CA. [Ref. 65] 

The ITU-T Recommendation X.509 defines a framework for 
the provision of authentication services. It describes two 
levels of authentication: simple authentication, using a 
password as a verification of claimed identity; and strong 
authentication, involving credentials formed by using 
cryptographic techniques. 

X.509 is an ITU Recommendation. Consequently, 
companies have implemented the standard in different ways. 
For example, both Netscape and Microsoft use xX.509 
certificates to implement Secure Socket Layer (SSL) in 
their Web servers and browsers. But an X.509 Certificate 
generated by Netscape may not be readable by Microsoft 


products, and vice versa. [Ref. 65] 


G. PKI 


Public Key Infrastructure (PKI) provides the means to 
bind public keys to eis owners and helps in the 
distribution of reliable public keys in large networks. 
Public keys are bound to their owners by public key 


certificates. These certificates contain information such 
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as the owner’s name and the associated public key and are 
issued by a reliable Certification Authority (CA). 

NIST has produced a Minimum Interoperability 
Specification of PKI Components [MISPC]. The MISPC was 
produced in cooperation with industry partners. The MISPC 
specifies a minimal set of features, transactions, and data 
formats for the various certificate management components 
that make up a PKI. The specification addresses certificate 
generation, renewal, and revocation; certificate 
validation; signature generation and verification; and 
other related issues. 

NIST is producing a Security Baseline document. The 
Baseline should help to establish operational practices and 
provide criteria for evaluating service and equipment 
offerings. 

The U.S. Federal Government Information Technology 
Services (GITS) board has established a Federal PKI 
Steering Committee to provide guidance to Federal agencies 
regarding the establishment of a Federal PKI. [Ref. 30] The 
Federal PKI Steering Committee sanctions approximately 
fifty PKI-related pilots throughout the Federal Government. 

NIST is coordinating with industry and technical 


groups developing PKI technology such as the Federal PKI 
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Steering Committee and its Technical Working Group (TWG), 
CommerceNet, Internet's PKIX, and the Open Group. 

NIST is also developing of a Reference Implementation 
and the initial implementation of a root Certification 
Authority (CA) for the Federal PKI. 

The initial implementation of a root CA involves the 
development of a procurement specification for a CA based 
on the MISPC and the procurement of an operational CA. 


[Ref. 48] 


H. CONCLUSION 


There is any number of standards or goals. for 
interoperability of computers at the Federal level. Each 
attempts to standardize meets the same conundrum, set the 
standard too rigid and no one will use it. Set the standard 
too loose, and it is not a standard. 

The author predicts that there will never be one 
universal standard that all participants agree to use. 
Rather, there will be baselines of interoperability and 
minimum security levels that participants agree to uphold. 
The Federal Government is a large player in the setting of 
standards based simply on the volume of business that 


Government transacts. Continuing to emphasize commercial 
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standards prevents Government agencies from developing 
expensive, proprietary solutions to common commercial 


concerns. 
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VI. STATE AND COMMERCIAL STANDARDS 


A. INTRODUCTION 


This chapter will survey the changes being proposed or 
already in force at both the state and commercial level. 

More than two thirds of state legislatures have either 
enacted, or are currently considering, legislation 
addressing issues raised by electronic contract formation. 
Additionally, the law that governs commercial contracting 
is being updated to account for changes in the commercial 
environment. 

This activity evidences the importance of the subject, 
and is an effective barometer for the electronic 
contracting climate as a whole. There are problems, 
however. 

Multiple authorities are writing statutes and case 
law is largely unsettled or non-existent. “There is little 
consensus on how to approach the subject. Moreover, several 
states have recognized that the subject requires more study 
before the appropriate legislative solution can be 
determined [Ref. 55].” 

For the most part, at least one state has considered 


or enacted legislation on some major issues surrounding 
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electronic contract formation. Since Federal courts may 
consider state law where no Federal legislation governs, 
there is a necessity to review state legislation to discern 
the patterns of legislation that may prevail in case of a 
dispute. 

The Uniform Commercial Code (U.C.C.) has governed 
commercial transactions Since its inception. It had a large 
impact codifying and standardizing interstate commerce and 
will have a large impact on electronic contracting. “In the 
United States, every state Government has adopted the 
[U.c.Cc.J. .. [Article 2B is] working to adapt the U.C.C. to 
cyberspace. .. The administration supports the prompt 
consideration of these proposals, and the adoption of 
uniform legislation by all states. White House Report, 
Framework for Global Electronic Commerce, (July 1, 


1997) [Ret :, 2457p. 3)” 


B. UTAH 


On March 10, 1995, the State of Utah enacted a Digital 
Signature Law, based upon a public key cryptosystem 
supported by a system of certification authorities. 

The legislation marks one of the earliest attempts to 


craft enabling legislation to create an electronic system 
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for authenticating electronic records. The legislation 
addresses time stamping as another means to certify and 
verify the receipt of a document in a legally acceptable 
and verifiable manner. “The laws by Utah and the state of 
Washington are considered the most comprehensive and serve 
as models for other states [Ref. 39].” 

The Act addresses concerns about the identity of the 
“sender or recipient of electronic communications and the 
proof of a signature. It creates a scheme based on public 
key cryptography, in which digital signatures are certified 
by a network of Government -licensed certerrication 
authorities. 

Its purposes are: 

e to minimize the incidence of forged digital 

signatures and enable the reliable authentication of 


computer-based information 


e to enable and foster the verification of digital 
Signatures on computer-based documents 


e to facilitate commerce by means of computerized 
communications. 


The Act creates Government-licensed certification 
authorities containing the name of the subscriber and the 


subscriber's public key. 
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In accepting the certificate, the subscriber certifies 
that each digital signature is valid. The subscriber 
certifies that no unauthorized person has access to the 
private key. The subscriber has to exercise reasonable care 
in retaining control of the private key and keeping it 
confidential. 

Under the Act, a digital signature is as valid a 
handwritten signature. The statute creates a presumption 
that a QGigital signature verified using a public key is 
attached with the intention of § the subscriber to 
authenticate the message and to be bound by the contents of 
the message. 

The presumption can be refuted by proof that the 
digital signature cannot be verified by reference to a 
certificate issued by a licensed certification authority, 
or that the subscriber lost control of the private key, or 
by evidence showing a lack of a signature at common law, or 
by evidence that reliance on the presumption was not 
commercially reasonable. 

“As of this writing, bills have been introduced into 
the State Legislatures of California and Washington State, 


closely resembling the Utah Digital Signature Law [Ref. 


3] _" 
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Cy OTHER STATES 


1. Introduction 


Other states have algo adopted legislation to deal 
with the coming wave of electronic contracting, filing, and 
registration that many hope will speed up the wheels of 
Government while at the same time increase accuracy and 
decreasing cost. 


2 California 


Bill 1577 provides the use of a digital Signature 
Shall have the same force and effect as the use of a manual 
Signature if it embodies all of the following attributes: 

* it is unique to the person using it 

e it is capable of verification 

e it is under the sole control of the person using it 


e it is linked to data in such a manner that if the 
data are changed, the digital Signature is 
invalidated ; 


e it conforms to regulations adopted by the Secretary 
of State. [Ref. 8] 
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3. Indiana 


Senate Bill 5a provides that a digital signature on a 
document received by or filed with the state is effective 
if: 

e it is unique to the person using it 

e it is capable of verification 

e it is under the sole control of the person using it 

e it is linked to data in such a manner that if the 

data are changed, the digital signature is 


invalidated 


e it conforms to regulations adopted by the State 
Board of Accounts. [Ref. 55] 


4. New Hampshire 


Senate Bill 207 provides that an electronic signature 
shall have the same force and effect as a manual signature 
if the signature is: 

e unique to the person using it 

e verifiable 

e under the control of the person using ae 


e linked to the data in such a manner that if the data 
is changed the signature is invalidated 


e conforms to administrative regulations. [Ref. 58] 
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5 Texas 


House Bill 984 establishes the equivalence of written 
and digital signatures and allows digital signatures to 
authenticate written electronic communications sent to 
state agencies. 

A person may attach ae digital signature to 
communications with State agencies if a digital signature 
is: 

e unique to the person using it 

e capable of independent verification 

e under the sole control of the person using it 

e transmitted in a manner that will make it infeasible 

to change the data in the communication or digital 
Signature without invalidating the digital 


Signature. [Ref. 6] 


6. Virginia 


Senate Bill 153 authorizes the use of electronic 
Signatures. The Act provides that the state and its 
agencies can use electronic signatures only if such 
Signature is: 

e unique to the signer 

e capable of verification 


e under the signer's sole control, or 


93 








e linked to the record in such a manner that it can be 
determined if the any data contained in the record 
is was changed subsequent to the electronic 
Signature is invalidated being affixed to the 
record, 


e created by a method appropriately reliable for the 
purpose for which the digital electronic signature 
was used. 

A judge may consider any other relevant and probative 
evidence affecting the authenticity and/or validity of the 
electronic signature. [Ref. 17] 

Senate Bill 923 provides for the legal recognition of 
electronic signatures and authorizes state agencies to use 


electronic signatures. [Ref. 17] 


Té Wisconsin 


Assembly Bill 100 permits the Department of 
Administration to accept electronic signatures concerning 
state construction contracts, bids and proposals, if the 
electronic signature embodies these five attributes; 


e the digital signature is verified by a certification 
authority 


e the person who is to receive the document consents to 
the use of the digital signature 


e the digital signature was created by a particular 
person 
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e the document to which the digital signature is affixed 
has not been altered since the digital signature was 
created 


e the digital Signature conforms to any rules 
promulgated by the Department. 


A digital signature that satisfies all of these 
factors would have the same force and effect as any other 
form of Signature. [Ref. 58] 


8. Kansas 


House Bill 2059 provides that a digital signature as 
be accepted as a substitute for and shall have the same 
force and effect as any other form of signature. The 
guidelines are: 


e intended by the party person using it to have the 
force and effect of a signature 


e unique to the party person using it 
e capable of verification 
e under the sole control of the party person using it 


e linked to data in such a manner that it is 
invalidated if the data are changed. [Ref. 5] 


9. Florida 


Senate Bill 942 authorizes the use of digital and 


electronic signatures for signing writings electronically 
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and authorizes the Secretary of State to act as a CA. [Ref. 
26] 

House Bill 1413 allows notaries public to perform 
electronic notarizations using a digital signature. In the 
event a notary's private key is compromised, the notary is 
required to notify the Secretary in writing and to request 
the issuing CA to suspend or revoke the certificate. 

The Act authorizes the Secretary of State to establish 
a voluntary licensure program for private CA's and to make 
rules necessary to implement and enforce the program. [Ref. 
58] 


10. Minnesota 


Senate Bill 173 provides for licensure of CAs, 
performance audits and investigations, requirements for and 
obligations of CAs, controls of private keys, suspension, 
revocation and expiration of certificates, eeeoanenaes 
reliance limits and liability, presumptions in adjudication 
of disputes, and standards for recognition of 
eee ee ee A 43] 


Additionally it is designed to: 


e facilitate commerce by means of reliable electronic 
messages 
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* minimize the incidence of forged digital signatures 
and fraud in electronic commerce 


e implement legally the general import of relevant 
standards, such as X.509 of the International 
Telecommunication Union 


e establish, in coordination with multiple states, 
uniform rules regarding the authentication and 


reliability of electronic messages. [Ref. 43] 


11. Mississippi 


House Bill 752 authorizes the Secretary of State to 
serve as the CA to verify the digital signature of any 
public entity in Mississippi. 

With the bill, digital signatures verified by a 
licensed certification authority will have the same force 
and effect as a written signature. [Ref. 58] 


12. Oregon 


House Bill 3046 authorizes the use of electronic 
Signatures and provides that they have the same force and 
effect as a written Signature. It also authorizes the 
Government to issue certificates for the’ purpose of 
verifying digital signatures and to suspend or revoke 
certificates. The Department is authorized to register 
certification authorities to ensure the integrity of 


digital signatures. [Ref. 58] 
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13. Washington 


Senate Bill 5308 provides that the Secretary of State 
is a CA, and that certificates issued by the Secretary have 
the same effect as a certificate issued by a licensed 
certification authority. It grants the Secretary 
discretionary authority to adopt rules to govern CA’s and 
repositories. It also addresses suspension and revocation 
of licenses. [Ref. 27] 


14. New Mexico 


House Bill 516 provides 

e a centralized, public, electronic registry for 
authenticating electronic documents by a public and 
private key system 


® promotes commerce 


e facilitate electronic information and document 
transactions 


An "office of electronic documentation" is established 
under the Secretary of the State to maintain a register of 
public keys. The Secretary of State is required to adopt 
regulations to accomplish the purposes of the act, and may 
contract with a private, public or quasi-public 


organization to provide services under the Act. [Ref. 7] 
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15. Illinois 


House Bill 597 applies to communications with 
Financial institutions to give electronic documents and 
Signatures the same force and effect as their manual 
counterparts. 

The Act also amends the Criminal Code to provide that 
unlawful use of an electronic signature constitutes a 
forgery punishable as a felony. [Ref. 58] 


16. Louisiana 


House Bill 294 provides for the admissibility into 
evidence of promissory notes and certain other records 
relative to financial institutions that contain signatures 
created and stored electronically or digitally. 

If any such record has a signature electronically or 
digitally rendered, any printout or other output readable 
by sight, accurately reflecting the data, will be deemed an 


original. [Ref. 58] 


D. UNIFORM COMMERCIAL CODE 


at Introduction 


Article 2 of the Uniform Commercial Code (U.C.C.) 


governs the sale of goods in the United States. Its 
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relevance has been enhanced by judicial extension to the 
licensing of commercial software products as the practical 
equivalent of a sale. [Ref. 5i;p. 10] 

The original U.C.C. was written and codified more than 
half a century ago and accepted by all states except 
Louisiana. Most state commercial codes were also drafted at 
about this time. Since then, the whole idea of electronic 
commercial transactions has arisen. 

Although written as a flexible standard, the U.C.C. 
does not adequately address electronic transactions. The 
various codes impacting purchasing transactions were drawn 
before computers had commercial impact. [Ref. 35] That is 
why the U.C.C. is undergoing a substantial review. 

The legal organizations that sponsor the U.C.C. are 
nearing the end of a major revision and expansion of it. 
When the revisions end, it will have left only one of the 
original nine articles in the code untouched and will have 
added three new ones. [Ref. 12] 


2% U.C.C. Committee 


The American Law Institute (ALI) and the National 
Conference of Commissioners on Uniform State Laws (NCCUSL) 


want to change to accommodate and update the code to 
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reflect “new legal thinking, new technology, and he. 
transition from an economy based on manufacturing to one 
built on services and information [Ref. 12].” 

Under NCCUSL rules, the National Conference must 
consider any proposed new Article 2, section by section, no 
less than twice before deciding to approve it. A majority 
of states present, each with one vote, must approve the 
draft and there must be at least twenty approving 
jurisdictions. Representatives may submit proposed code to 
the ABA for its consideration. [Ref. 44;p. 4] By design, 
this is a lengthy process to ensure that the issues 
addressed are substantive and that recommendations are 
based on sound legal thinking and can be _ properly 
implemented. 


3. Article 2B 


Article 2B deals with information transactions. It 
focuses primarily on software, on-line and Internet 
commerce information and licenses for data, text and 
Similar materials. However, it is also a contract statute. 
As such, it deals with contractual relationships. 

Article 2B provides a framework for contractual 


relationships among participants. Article 2B attempts to 
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distribute risk and benefit among the various parties who 


are conducting their business electronically. [Ref. 45;p. 


40] 


a) Authentication 


The term “authenticate” replaces “signature” or 
“signed” in 2B. The section expands the traditional concept 
of signature. The aim of the drafters is to remain 
technologically neutral. This neutral approach is endorsed 
by Federal Government reports on electronic commerce. 

Encryption and other technologically enabled acts 
can be used to achieve a Signature. The critical factor 
lies in the intent of party making the authentication. 

Statutes in some states give special recognition 
to digital signatures that rely on a specific encryption 
technology and a certification or licensing system. The 
procedures in those statutes qualify as authentication for 
Article 2B. 

Any execution of a symbol with the intent to sign 
that would be a Signature under prior law, is an 


authentication under Article 2B. 
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Authentication can have various effects. Absent 
circumstances indicating a different intent, an 
authentication: [Ref. 45;p. 32] 

e establishes the parties identity 
e the acceptance of the record or term 
e the acceptance of the contract 


e confirms the integrity of the records or terms as of 
the time of authentication. [Ref. 45;p.75] 


b) Authentication Liability 

An electronic authentication is attributable to 
person A if it was the action of A, A’s human agent, or A’s 
electronic agent. 

Liability arises if B, in accordance with a 
reasonable attribution procedure for identifying A, in good 
faith coneluded that a message or action was an act of A, 
A’s agent, or A’s electronic agent. Attribution is 
necessary because both parties need to be able to rely on 
the identity of the participants. 

A is liable for losses if the losses occur because A 
failed to exercise reasonable care; B reasonably relied on 
the belief that A was the source of an authentication: B’s 


reliance resulted from acts of a third person that obtained 
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access numbers, codes, computer programs, or the like from 
a source under the control of the person that failed to 
exercise reasonable care; and the use of the access 
numbers, codes, computer programs, or the like created the 


appearance that it came from A. [Ref. 45;p. 69] 


c) Attribution 

Attribution may include various approaches, 
including algorithms, codes, identifying words or numbers, 
encryption, or other reasonable security device. 

A court determines commercial reasonableness of 
an attribution procedure. To make this determination, the 
court can look to several factors. One way the court can 
determine commercial reasonableness is if the process is 
established by law or regulation. If it is, the court can 
assume it is commercially reasonable. 

Another factor a court can look to determine 
commercial reasonableness is to review prior course of 
dealings and the circumstances surrounding the transaction 


at the time the parties agree to adopt the procedure. [Ref. 


45] 
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d) Electronic Formation 


Section 2B-113 states a fundamental principle of 
electronic contracting. “A record or authentication may 
not be denied legal effect, validity, or enforceability 
solely on the ground that it is in electronic form [Ref. 
AGeDy 65) 4" 

It stems from digital signature and electronic 
Signature law in several states. The mere fact that a 
message or record is electronic does not alter or reduce 
its legal impact. 

This principle is restricted to the scope of 
Article 2B. It does not necessarily deal with other legal 
instruments necessary for electronic commerce. Under 
Section 2B-103, the subject matter of those other areas is 
excluded from Article 2B.[Ref. 45;p. 67] However, the 
Federal Rules of Evidence and numerous court cases on the 
subject should form the basis for the legal sufficiency to 


conduct business electronically. 


e) Electronic Agency 


The draft develops a system where either no human 


decision is necessary or a human interacts with a computer 
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for the processing of a legal contract. It relies on an 
offshoot of the concept of agency. 

Electronic acu: can form the contract. The 
specific terms of the contract are determined under Section 
2B-209(b). A contract is formed by an electronic agent and 
an individual if the individual has reason to know that 
they are dealing with an electronic agent. The example 
given is if a person telephones in an order and connects to 
a computer. If the individual takes actions that cause the 
agent Co perform or accept, a contract is formed, 
regardless of other expressions oor actions by the 
individual to which the electronic agent cannot react. 

The last part of the clause is so that a human 
cannot order something and predicate payment on a new term 
or condition that the computer is not programmed to 
understand. This also aligns with the usual notions of 
terms and conditions in use now. The terms of a contract 
formed under this paragraph are determined under Section 


2B-207 or 2B-208. 


£) Electronic Mailbox Rule 


An electronic message is effective when received 


even if no individual is aware of its receipt. If an 
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electronic message sent by a party evokes an electronic 
message in response, a contract exists when a response 
Signifying acceptance is received or if the response 
consists of furnishing the information or access to the 
information, when it is received, unless the originating 
message required acceptance in a different manner. [Ref. 


45;p. 75] 


g) Parole Evidence 

Section 2B-301 addresses parole evidence. The 
basic requirements of parole evidence remain unchanged. If 
participants sign a contract with a merger clause, the 
final record cannot be contradicted but it may be explained 
or supplemented by prior course of dealings and consistent 


additional terms. [Ref. 45;p. 103] 


E. CONCLUSION 


The state and the U.C.C. approaches are both concerned 
with issues of positive identification of the participants. 
Most of the basic contract formation principles have been 
left intact with only minor modifications to account for 
the transmission medium. 

The U.C.C. focuses on the intent of the parties. If 


the parties intend to be bound, they will ordinarily be 
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held bound. [Ref. l11;p. 4] In general, parties are able to 
do business with each other on the Internet under the terms 
and conditions they agree upon. Participants in electronic 
contracting, through legislative statute and U.C.C. 
revisions, are developing a framework to achieve 
predictable and accepted legal principles to support 
electronic commercial transactions. 

State legislatures and the drafters of the U.C.C. are 
promulgating proposed standards and contracting paradigms 
to enable participants to predict what effect their 
agreements might have when evaluated by a court. Many of 
these efforts are in the nascent stages. Many questions 
remain concerning how a court will evaluate participants 
conduct and understandings in case of a dispute. Any Agency 
initiating an electronic contracting procedure will have to 
deal with large amounts of uncertainty until case law and 


precedent flesh out the proposed legal frameworks. 
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VII. ANALYSIS 


A. CONTRACT LAW 


The change to an electronic contracting environment 
from a paper-based system does not necessitate changes in 
the underlying legal theories and principles. The primary 
change is in the method of transmission, and not in the 
‘rudimentary formation concepts. Legal documents transmitted 
across the open architecture of the Internet will require 
certain security safeguards be in place and maintained in 
order to satisfy formation issues and evidentiary issues. 

Cryptological procedures currently exist that can 
solve the security problems. Rules of evidence already 
account for introducing electronic evidence. Commercial 
transactions are already being consummated across’ the 
Internet. State legislatures are building a foundation for 
electronic commerce at the state level. Commercial 
concerns, as embodied by the U.C.C. are addressing the 
issues that impact electronic contracting transmission. 

In creating a uniform law for electronic contracting, 
NCCUSL is keeping the elements of contract law and 
commercial law relatively intact. The primary changes are 


in the method of delivery or transmission of the final, 
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agreement and not in the formation of the agreement. This 
is in accordance with the idea of a bilateral electronic 
relationship wherein only the method of transmission has 
changed significantly. That change has necessitated a 
change in the validation procedures needed to ensure a 
contract is formed. As long as the goal of the electronic 
contract does not breach fundamental concepts of contract 
formation (e.g. competent parties, legal aim) and the 
messages transmitted are adequately secured, the resulting 
electronic contract should be binding and legal. 

For agencies looking to adopt electronic contracting 
policies, their focus can be on the transmission aspects 
and their answers will be mostly in the realm of their 
information technology (IT) group and not the _ legal 
department. Maintaining up-to-date market information about 
the latest technology and implementation procedures will be 
a key aspect of any implementation plan. An Agency will 
best be served with a plan that allows modular updates to 
processes and procedures to account for the technology 
enhancements that are sure to come in the future from the 
commercial sector. A modularized plan, in essence planning 
for obsolesce in consonance with legislative direction on 


modularized computer hardware purchasing, will be the best 
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approach to maintain the balance between new technology 
insertion against the Agency need for procedural stability 
that the workforce can rely on. 


1. Evidentiary Requirements 


Both parties must agree to the terms and conditions of 
a contract or a party can raise question whether they 
formed a contract in the first instance. Both parties have 
to be certain as to what they are agreeing to in order to 
have the gequiaive intent to form a contract. If parties 
negotiate on the Internet without proper security, there 
may be doubt as to what they agreed to and what terms and 
conditions control since there will be no paper print out 
of the final agreement. 

Agencies can solve this problem using available 
cryptography techniques that can indicate whether a 
document has remained unaltered and that a particular agent 
has signed/authenticated an electronic document. This is 
important to an Agency with multiple buyers and multiple 
buys. The Agency must develop and maintain sound business 
practices for establishing when an electronic contract is 


formed that binds the Government. 
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Where previously a paper document served the legal 
purpose of representing the agreement, now the Agency’s 
computer operation and storage procedures will represent 
the agreement. The paper contract will just be a 
representation of what is stored in the computer. If a 
dispute arises and the Agency has electronic contract 
procedures in place, a court will not deny the agreement 
legal effect solely because the agreement is in an 
electronic form. The court can now look to how the Agency 
handles and secures the messages. If the Agency can prove 
they have a sound computer operation and storage system, 
they should prevail in a dispute about terms” and 
conditions. 

The rules of evidence used to prove the validity and 
unaltered status of an electronic contract are not overly 
burdensome. The Agency IT scheme must be able to satisfy 
those rules or an electronic contracting scheme will not 
work. Agency needs for what IT storage and transmission 
plans work will be different from Agency to Agency. For 
example, a distributed client/server arrangement will 
require a different approach than a mainframe UNIX system 
or any combination of client/server and mainframe currently 


in use. 
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Whatever IT solution is available or used, 


must be able to document the 


generation, encryption/decryption 


light of the rules of evidence 


electronic system of contracting. 


the Agency 


full gamut of message 
and storage in place in 
before embarking on an 


The Agency should seek 


legal counsel and IT expert advice concerning the 
legitimacy and sufficiency of their IT strategy for 
electronic contracting. 

In the same vein, the idea of an original document 


loses meaning in an electronic contracting environment. 


Unlike in the paper world, where B receives a paper 


document from A, in an electronic environment, the contract 


1s a copy of the message transmitted by A. Any Agency 


requirement for original documentation is met by an 
electronic message when there is a reliable assurance, 
usually cryptologically based, for the integrity of the 


information from the time when it was generated as an 
electronic message to delivery of the message. Maintaining 
the integrity of the message overlays with the ideas behind 


the rules of evidence for messages. 
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ye Attribution 


An offer and acceptance may be sent by electronic 
messages and may form the basis of an electronic contract 
depending on the circumstance surrounding the attribution 
procedures involved. U.C.C. Article 2B envisions methods 
for attributing a message to a party. Proper attribution 
procedures are necessary as a measure of intent of the 
parties. 

Between A and B, B is entitled to regard a data 
message as being from A, and to act on that assumption, if 
B can prove the message was sent by A by previously agreed 
to means and the message was really sent by A or A’s agent, 
electronic or human. These requirements and ideas track 
very closely with current, applicable state laws on the 
matlrcer.. 

An attribution rule, by operation of law, is 
appropriate where one party uses one of the more usual 
cryptology methods to assure the authenticity and 
reliability of a electronic message and the other party 
reasonably relies oon such procedures, without prior 
agreement. The current, more usual cryptology methods are 


DES, RSA, PGP and variations of DES with IDEA or SKIPJACK. 
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An Agency must be careful how it accepts messages and 
attributes them back to the sending party. In order to 
ensure there are no senator problems, an Agency would be 
wise to only accept particular encryption strategies. Since 
the U.C.C. rewrite is suggesting that a contract can be 
formed when a party receives the message and the previous 
paragraph sigaeses that a rule of law will find attribution 
reasonable absent some previous agreements, the best way to 
mitigate attribution risk is to develop an interchange 
agreement and a PKI agreement that specifically addresses 
attribution procedures and then follow those procedures and 
those procedures Sule, 


3. The Laws of Agency 


The concept of agency and apparent authority is 
retained and extended in the electronic contracting 
environment. An agent can be a person or a computer if both 
parties are aware and agree to those conditions. This is 
important for an agency considering expedited contracting 
procedures in such areas and basic ordering agreement (BOA) 
orders. If a computer generates a requirement and sends the 
requirement to ewe BOA holder, a contract is formed. This 


will decrease workload for routine orders only to the 
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extent that the computer generates requirements without 
error. Conversely, contracting officers may eventually be 
dealing with computer ordering agents when buying goods for 
the Government. A contracting officer who attempts to 
include Government specific clauses may find that a court, 
in accordance with the U.C.C. 2B rewrite, holds that the 
clauses were not incorporated into the agreement because 
the other party’s computer was incapable of agreeing to the 
clauses. 


4. Authentication 


The law requires certain contracts must be in writing 
and signed before the contract is enforceable. For some, a 
document in electronic form may simply not be regarded as 
valid to achieve its legal purpose. [Ref. 20;p. 107] 
Alternatively, it may carry less weight as evidence in a 
court of law, or may not be capable of being used at 
all.[Ref. 20] These are the problems of authentication and 
admissibility in an electronic contracting environment. 

The Digital Signature Guidelines published by the 
Information Security Committee Science and Technology 
Section Of the American Bar Association defines 


authentication as “A process used to ascertain the identity 
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of a person or the integrity of specific information. For a 
message, authentication involves ascertaining its source 
and that is has not been modified or replaced in transit 
[Ref. 24;p. 28].” 

The traditional rationale for authenticating a 
document is to make sure that the document is what it 
purports to be in order to prove a relationship between it 
and an issue a litigant wants to establish. Differences in 
the storage and retrieval of computer printouts, as opposed 
to that of conventional business records, warrant a special 
inquiry from a court. 

A court can use authentication to establish the 
parties identity, the acceptance of the term or contract, 
or to confirm the integrity of the terms as of the time of 
authentication. [Ref. 45;p. 74] 

Authentication can be broken down into three basic 
schemes. First, there is user authentication. Second, there 
is host authentication. amine there is message 
authentication, which permits documents to be destiny 
Signed--allowing them to be traced back to the sender and 
preventing them from being changed in transit.[Ref. 63;p. 


87] 
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One approach to authentication in the third instance, 
is FRE 901(b)(9), which provides that technological 
evidence can be supported by "evidence describing a process 
or system used to produce a result and showing that process 
or system produces an accurate result. [Ref. 32]” 

In “The Law of Electronic Commerce”, Benjamin Wright 
cites the Advisory Committee Note to FRE 901(b) (9) for the 


purpose of this rule: 


[Tlhis rule is designed especially for computer 
business records. Thus, competent testimony 
identifying, describing the Lunceion of, and 


confirming the accuracy of a computer system that 

produced a message or record is sufficient to 

authenticate the message or record. It is not 
necessary to bring the computer system itself into the 

courtroom for a demonstration. [Ref. 64] 

In the discussion of the hearsay rule and business 
records exception, an evidentiary foundation is required 
before a court will admit computerized records under the 
business records exception. However, FRE 901 sets forth 
other, slightly looser, methods of assuring that a piece of 
evidence is authentic. This aids the Agency that wants to 
move to electronic contracting, but only if they are able 


to attest competently to the functions and accuracy of the 


computer system that produced their contract. 
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For authentication to work at a Federal Agency, 
several internal activities will have to be coordinated. 
Legal counsel, the IT department, requirements generation 
sections and the contracting department will need to 
interweave their efforts and develop business practices 
that a court will find reasonable. 

Electronic messages that form the basis of the 
‘requirement will have to have adequate security. Those 
messages will have to be securely stored with any access 
duly noted or logged. There will have to be an electronic 
trail that shows how a requirement was formed, negotiated, 


agreed to and eventually contracted for. 


B. SECURITY 


Technology and cryptology can provide immediate 
verification of receipt, and verify that no defect in 
receipt has occurred. Two of the most widely news hash 
algorithms are the MD5 message digest algorithm RSA and the 
Secure Hash Algorithm (SHA) developed by NIST and NSA. 
necuniae no one discovers a flaw to either algorithm, it is 
unfeasible to take a hash value produced by SHA or a 
message digest produced by MD5 and work backward to find 


the input data. If A sends a file and the file generates an 
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MD5 or SHA fingerprint, and B runs the same hash algorithm 
on the file and gets the same result, the file is intact 
and unchanged. 

This is the basis of attribution and authentication in 
the electronic environment. An Agency should have little or 
no problem with the validity of an electronic contract 
provided the Agency has planned for the proper 
cryptological security. 


Ls Digital Signatures 


Under the U.C.C. and the GAO, a Signature includes any 
symbol executed or adopted by a party with intention to 
authenticate a writing. Draft U.C.C. Article 2B uses the 
term “authenticate” instead of “signature”, but the effect 
of what a signature means or does is only broadened. 

Many states have already passed or are considering 
some form of digital signature legislation. Likewise, most 
of the new major online electronic commerce initiatives are 
based on digital signatures. 

Digital signatures provide reliable authentication and 
document integrity that can exceed the reliability provided 
by traditional paper-based methods. Current legislation at 


the state and commercial level is staking out the positions 
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that identify when, and under what circumstances, the law 
will recognize such enhanced reliability. These are some of 
the areas that an Agency will need to maintain a high 
degree of mark 


2. CA Risk 


An assumption surrounding PKI is that third party CAs 
would handle the intermediary function of identifying 
parties to a contract. The CA would certify identities to 
allow participants to conduct business without ever 
meeting. There is a large, uncertain liability exposure 
that could prevent the emergence of commercial CAs. 

There simply is a limit to what xX.509 and the CA 
paradigm can offer regarding certificate reliance and 
certificate content reliance. 

The CA could take every reasonable step to confirm 
identity, but still issue an erroneous certificate. A 
criminal could impose losses on a large number of third 
parties who would rely on an erroneous certificate. If 
every party who relied on the certificate had a claim 
against the CA for losses, the CA's potential liability 


could be enormous. 
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Without legislative relief, CAs would be forced to go 
to extraordinary lengths to confirm identity, at a high 
cost, even when the participants may have accepted a less 
thorough and less expensive certificate. 

One last issue is that CAs have little or no control 
over the care a subscriber takes in protecting their 
private key. If CAs bear liability to third parties for 
‘stolen certificates, it will be reflected in the price of 
certificates, which might then be uneconomically high. 

CAs face exposure if their private key is compromised. 
Once the compromise is discovered, all certificates issued 
by that CA would have to be revoked and new certificates 
issued, imposing costs on all of the subscribers of that 
CA. If CAs face liability for these potentially immense 
losses, entrepreneurs might choose not to enter the CA 
business at all. 

Additionally, there is the issue of maintaining the 
CSL. If a subscriber checks a signature against an out-of- 
date or ‘incorrect CSL, there is potential liability for the 
CA absent some legislative relief or definition of a 
minimum acceptable level of how a CSL can be maintained in 


a commercially reasonable fashion. 
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The ABA Committee released its "Digital Signature 
Guidelines” which set out duties for CAs, subscribers, and 
relying parties. Many states are using similar concepts 
that attempt to quantify and qualify where risk begins and 
ends for the CA, the subscriber and third party 
participants. The legal decisions that have affected VAN 
liability may spill over into this forum when the first CA 
case is decided. The tee is far from decided and agencies 
must exercise care in deciding how to frame a CA 
arrangement. They must also consider the liability question 
if they choose to be their own CA and issue certificates 
internally. 


3. x.509 


The purpose of a CA is to bind a public key to the 
name contained in the certificate and assure third parties 
that this binding is valid for both the name and key. To 
that end, X. 509 has been generally adopted as a mechanism 
for binding identities to keys. 

The issue of exactly how completely linked the name 
and key is, is outside the scope of X.509 and depends on 
each CA's self-defined Certification Practice Statement 


(CSP) . 
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X.509 is based on X.500, a naming scheme, but X.500 is 
not completely defined. X.500 was designed to be a global 
database of everything connected to computers. An analogy 
can be made of a telephone book with a listing for every 
connected computer terminal. To handle a database of that 
size, the architecture developed as a distributed database, 
maintained by multiple people, held in multiple locations. 

To specify who had authority to change which portion 
of this distributed database; the X.509 certificate was 
designed, linking a public signature key to the distributed 
database. 

X.509 has evolved from a mechanism for proving 
permission to modify a node in the X.500 data structure to 
an identity certificate. This is where an Agency must use 
caution and common sense when implementing their electronic 
commerce. X. 509 is the standard identification mechanism, 
however it is not complete and has some drawbacks. 

X.509 depends on many other standards such as_ ISO, 
ANSI, ITU, and IETF and all those standards must be read in 
total to really understand what X.509 does. This has left 
room for many different interpretations of X.509. 

Because there is room for interpretation, companies 


have implemented the standard in different ways. Both 
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Netscape and Microsoft use X.509 certificates, but an X.509 
Certificate generated by Netscape may not be readable by 
Microsoft products, and vice versa. DISA’s purchase of 
Netscape for Agency use may have solved the problem for a 
Federal Agency about which system to choose for themselves, 
but agencies will have to conduct business with the 
commercial sector, and the interplay of certificates may 
become a problem then. 

X.509 allows CA's practices and policies to be 
predicated upon self-regulation on the issues of trust and 
trust management. X.509 certificate is essentially a 
business practice whose meaning and validity strongly 
depends on the individual CA. Moreover, participants may 
trust the confirmation procedures of the CA during 
certificate reliance, but they cannot rely upon 
certificates for other than their value as a representation 
of the CA's authentication management act expressed in the 


CA's own terms and rules in the CSP. 
Cz FEDERAL REQUIREMENTS 


Recent legislation proposed at the Federal level 
adopts the Utah/ABA Guidelines model with an added twist: 


key escrow. Under these proposed laws, CAs not only serve 
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to bind subscribers to their public encryption keys used 
for authentication purposes, but also serve as key escrow 
agents, verifying the saeremine of keys used for 
confidentiality purposes. Key escrow is a method for the 
Government, notably NSA, to keep for themselves or a third 
party, what amounts to an encryption skeleton key that 
could be used to unlock encrypted message traffic. NSA 
claims necessity for escrowed keys in case of terrorism or 
other threats to national security. They want to keep the 
ability to decrypt messages that identify illegal 
activities much like a wiretap on a phone. Many groups 
attempting to do business on the Internet have ridiculed 
the idea and vilified NSA and NSA encryption products in 
the process. Cryptographers have alleged that DSS and DSA 
are faulty. Most of industry had tried to get the RSA 
algorithm to be the standard for digital signatures. NSA 
preferred DSA because, unlike RSA, DSA does not have 
encryption capabilities. This demonstrates NSA’s great 
sensitivity to cryptography having an encryption function. 
The dispute highlights a critical concern commercial 
activities have with Government, particularly NSA, 
involvement on the Internet. For commercial activity to be 


successful, the messages that contain important proprietary 
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data or pricing must remain secret. For NSA, secrets pose a 
risk to national stability. The legislative pendulum has 
swung back and forth on the issue. 

For example, President Reagan issued the National 
Security Decision Directive (NSDD) 145 in 1984. The Reagan 
directive gave NSA control over all Government computer 
systems containing "sensitive but unclassified" 
information. This was followed by a second directive that 
extended NSA authority over non-Government computer 
systems. 

In 1987, Congress enacted a law reaffirming that NIST 
was responsible for the security of unclassified, non- 
military Government computer systems. Under the 1987 law, 
the role of NSA was limited to providing technical 
assistance in the civilian security realm. Congress felt 
that it was inappropriate for a military intelligence 
Agency to have control over the dissemination of 
unclassified information. 

In 1989, NSA signed a Memorandum of Understanding 
(MOU) which purported to transfer back to NSA the authority 
given to NIST. The MOU created a NIST/NSA technical working 
group that developed the controversial Clipper Chip and 


Digital Signature Standard. Both of these standards were 
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attacked because they were either not very strong or 
allowed NSA a trapdoor to be able to decipher encrypted 
material. 

The NSA has worked to weaken the mandate of the 
Computer Security Act. In 1994, President Clinton issued 
Presidential Decision Directive (PDD) 29. This directive 
created the Security Policy Board, which has recommended 
that all computer security functions for the Government be 
merged under NSA control. 

NSA is less concerned about cryptography being 
unbreakable for commercial use because they feel that this 
will allow illegal activity to go on without the Government 
being able to intervene. To be useful commercially on the 
Internet, though, secure document need to have strong 
encryption to prevent competitors from gaining access to 
the information. NIST is caught in the middle. They are 
proponents for the commercial applications, but they also 
must be face the political reality that NSA has a very 
strong voice in encryption policy. 

The NSA is the prime driver to maintaining weakened 
encryption standards. Their position is understandable. As 
the military representative to encryption policy, they need 


only look back to WW II to see just how important 
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cryptology was to the successful execution of a war. Their 
position is that they need access and control in order to 
keep illegal acts from being hidden behind secure 
cryptology. 

NSA efforts to control cryptology may be too late. 
The encryption cat is out of the bag. There is no reason to 
believe that non-US sources will abide by any sort of 
weakened standards that are set in the U.S. Their 
recalcitrance serves only to put U.S. companies at a 
disadvantage worldwide. GAO, the Government's watchdog 
Agency, told Congress, 

The intelligence community appears to be insisting 
upon the development of a different standard for U.S. 
industry for electronic communications between it and 
the Government. This separate standard is weaker than 
what is commercially available, is an added burden on 
commercial activities and raises the question whether 
any practical purpose would be served by the 
requirement. [Ref. 42;p. 1] : 

There is little or no chance that NSA will recuse 
themselves from making policy either directly or through 
joint activities that NIST and NSA share. NIST will not 
have a free hand in developing commercial standards as long 
as they are entangled with NSA. An Agency developing an 


electronic contract will have to operate in the fine line 


between commercial applications that extend security and 
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military oversight that reigns in applications. An Agency 
seeking to implement a commercially acceptable, not 
Federally sanctioned electronic contracting scheme may find 
an ally in NIST, but will most certainly find NSA unmoved 
if the contracting scheme involves commercially strong 


security. 


D. INTERSTATE COMMERCE 

The essential nature of electronic commerce challenges 
the notion of state boundaries as division points for 
different commercial rule systems. 

At the Agency level, questions remain about how 
electronic contracting will affect jurisdictional issues in 
the event of a dispute. Because the Internet is so wide 
ranging, most users will not be aware of the distributive 
possibilities of their actions or necessarily intend a 
contact or presence in a particular location, which 
normally determines the forum jurisdiction. Defining where 
acts and people exist for such purposes becomes harder and 
makes increasingly less sense in cyberspace. To reduce 
risk, an Agency should consider establishing a choice of 


forum clause in an interchange agreement that establishes 
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which forum will hear any dispute that arises from the 
contract. 

When it comes to the information technology sector of 
the economy, Utah is not the average state. Although the 
concentrations of the information technology industry are, 
predictably, in the states of Washington, California, Utah 
is a close third. According to the Utah Information 
‘Technologies Association, Utah currently ranks second in 
the world as the largest computer software development 
center. A Wirthlin Group survey determined that Utah has 
several thousand information technology related businesses 
in various developmental stages. [Ref. 57] 

The State oof Utah developed the first digital 
Signature legislation. Under the Act, a Government Agency 
assumes the obligations of being a CA and, as such, is 
charged with policymaking, facilitating implementation of 
digital signature technology, and providing regulatory 
oversight of private sector CAs. 

Licensing under the Utah Act is voluntary; however, 
licensed CAs are offered certain legal benefits, primarily 
limited liability. The Act imposes detailed duties on CAs, 
subscribers, and relying parties that are consistent with 


ABA Guidelines. In addition, it allocates liability among 
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these parties and gives special legal status to digitally 
Signed documents created using the services of a licensed 
CA. 

Being the first legislation out of the blocks, a 
number of states turned to the Act as model digital 
signature legislation, a process encouraged by the drafters 
of the Utah law. After enactment of the Act, digital 
signature legislation based on the Utah law was proposed in 
several states. The Act proved influential even when not 
expressly followed. For example, California considered and 
then rejected the Utah model, enacting a non-technology- 
specific bill designed to address transactions with 
Government entities. 

Not all legislative bodies use the Utah/ABA 
Guidelines. Several states enacted legislation that 
addressed "electronic signatures" and other non-public key 
methods of authenticating electronic transmissions. 

The implication for an Agency is that they must 
confirm in the interchange agreement and the PKI agreement 
which model will be used for signing a message in 
electronic contracting environment between the parties. 


Although the Utah approach is predominate now, there are 


132 





many different approaches to digital signatures available 
today and in the future. 

Since an Agency can do business across all 50 states, 
the Agency must establish the legal environment that they 
are operating in and which rules apply. An Agency can agree 
to abide by the digital signature scheme in place in the 
state of the other party or they can attempt to negotiate a 
blanket digital signature arrangement with all parties in 
all states. If the Agency develops a single policy for 
digital signature usage and incorporates the policy in 
their interchange and PKI agreements, the problems with key 
management and digital signature will be greatly 


simplified. | 


E. CONCLUSION 


The challenge for contract law lies in accommodating 
the decline in the medium of paper as a means of reflecting 
and eeaciaagas contractual agreements. The traditional 
paper document has performed many functions as evidence of 
agreement, aS an authenticated document signed by the 
parties, as a means of fixing the time of agreement and the 
point at which the liability of the parties arose. The need 


has not changed, only the methodology. 
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If electronic commerce is not going to be limited to 
highly structured transactions between well-known and 
trusted parties, other solutions must be developed to 
create an effective legal framework and electronic 
infrastructure. 

This is not the first time that technology has pushed 
at the legal boundaries. As hand written contracts moved on 
to the typewriter, there were calls that the authenticity 
of the document was in question because the document no 
longer reflected the drafters script in long hand. Instead, 
a mechanical device, with all the requisite opportunity for 
forgery, was being substituted for a time-tested method of 
hand-written document preparation. Telegrams, telexes, and 
faxes, all introduced faster and more efficient 
alternatives to traditional methods. All were eventually 
adapted and adopted into the legal mainstream as_ the 
benefits to commercial activity were realized. 

Contracting on the Internet, however, challenges such 
time-honored paper-based doctrines as contract formation, 
authenticity, verifiability and admissibility. 

Each of the previous technologies resulted in a paper 
document, and, as such, did not require any reconsideration 


of what a legally effective document looks like. Where 
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electronic contracting on the Internet is going, there is 
no paper. 

The new computer technologies are not just more 
efficient means of communicating paper. Instead, these new 
technologies permit the negotiation, agreement, 
distribution and storage of documentation without ever 
resorting to paper. This represents the first real 
challenge to the underlying infrastructure of traditional 
commerce. requiring the legal community to implement 
appropriate new standards for legally effective electronics 
documents. 

As the previous chapters have illustrated, there are 
numerous levels for discussion and multiple authorities 
with a myriad of opinion on just how electronic contracting 
on the Internet can work. The debates are only Just 
beginning, and there will be numerous drafts and revisions 
of thought until, after several years, there is a 
confluence of reasoned legislative opinion, commercial 
activity and judicial interpretation into a substantive 
body of knowledge for contracting on the Internet. 

Until that time, Federal agencies attempting 
electronic contract on the Internet will be breaking new 


ground with each contractual agreement. 
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One avenue an Agency can use to reduce exposure to 
risk is to develop interchange agreements and PKI 
agreements spelling out Mapiiaedes and responsibilities 
before hand. After agreements are signed, both parties 
would be responsible for ensuring that their agreements are 


updated to reflect current technology and legal thinking. 
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VIII.CONCLUSIONS AND RECOMMENDATIONS 


A. SUMMARY AND CONCLUSIONS 
iL What contract formation and authentication 
requirements are there to using the Internet for 
Government contracting? 

The underlying contract formation issues have not 
changed by executing a contract electronically. The 
principal difference between a paper and an electronic 
contract is the method of transmission. The electronic 
contract has unique requirements during transmission to 
ensure that no changes occur. There are little or no 
hurdles to using the Internet for Government contracting. 
An Agency must expend effort maintaining adequate 
electronic records to meet evidence guidelines for storage, 
audit trail and maintenance. The rules of evidence already 
cover electronic records. 

The technologies are in place both commercially, and, 
with the DISA purchase of NETSCAPE, at the Federal level to 
preclude interception or modification of any material while 
it is routing through the many nodes of the Internet. 
Numerous state legislatures are forming a framework to 


incorporate legal, electronic signatures. All standards 
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being 





developed share a common basis to determine 


admissibility: 


it is unique to the person using it 

it is capable of verification 

it is under the sole control of the person using it 
it is linked to data in such a manner that if the 
data are changed, the digital signature is 


invalidated 


it meets some measure of state or commercial 
oversight authority. 


Adequate security measures are available to ensure 


that parties are who they say they are for authentication 


purposes. 


Ze 


What are some of the areas of contract formation 
and rules of evidence that need to be addressed 
before implementing a system of contracting on 
the Internet? 


One area of evidence that needs to be addressed is how 


a document is securely transmitted across the open 


architecture of the Internet. Current cryptology answers 


that question irrefutably with the newest breed of 


encryption algorithms. PKI, with the implementing 


convention of a public/private key, allows users to 


transmit secure documents. A hash function secures 


identities to electronic records. 
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34 What security measures exist that could aid 
security in electronic contract formation on the 
internet? 

RSA is fast becoming the commercial choice for 
companies using the Internet for secure transactions. The 
Government encryption standards are often suspect since 
there is always the Government concern for national 
security. There are several other methods available to 
secure information on the Internet and each satisfies the 


requirement of being able to transmit information so that 


only the intended party can decrypt the message. 


aes What Federal Government agencies are involved 
with electronic contracting on the Internet and 
what guidelines are already in place? 

NIST and NSA are the primary agencies involved with 
setting cryptology standards and standards for commerce on 
the Internet. Several agencies, such as OMB and GAO, also 
have a measure of oversight in the process. The concern at 
the Federal level depends on the organization. NIST, as a 
department in the Commerce Department, is concerned with 
commercial application of electronic contracting and the 


underlying cryptology. NSA, as a department in the DOD, is 


concerned with security and how potential foes might use 
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cryptology against the United States in a military fashion 
or as cover for illegal activities. 

The principal standards at the Federal level are the 
FIPS put in place by NIST. There are numerous commercial 
activities beside NIST that set standards. In that case, 
NIST is charged with interpreting and implementing those 


external standards into FIPS guidance. 


5. What is the commercial sector and state 
legislatures doing about electronic contract 
formation? 


The states, with Utah in the lead, are quickly 
addressing and embracing the idea of electronic contracting 
as a means to speed up commerce. More than 30 state 
legislatures are implementing oor discussing enabling 
legislation. The NCCUSL has been rewriting the U.C.C. to 
account for the sea change of events that the Internet has 
spawned. For the most part, contract formation issues are 
left alone. Only issues that directly affect transmission, 
attribution and authentication of messages is being 


addressed. 


6. How can Federal agencies mitigate risk while 
implementing electronic contracting? 


A wants to send B a contract electronically and B 


needs an electronic signature to verify authenticity. First 
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A sends the document. Then he uses a hash algorithm to 
generate a fingerprint for the document, encrypts the hash 
value with his private key, and sends the encrypted hash 
value to B. This is A's digital signature. B uses the same 
hash algorithm to fingerprint the document he received and 
then unencrypts the hash value he received from A using A's 
public key. If the two hash values match, then B not only 
knows that the document he received is authentic, but he 
also knows that A's signature is real. And if the 
information that A sent to B is sensitive, then it can be 
encrypted so that only B can read it. 

This model~-or one Similar to it--is probably the one 
that most participants use to conduct business. It is the 
basis for the U.S. Government's DSS, and the public-key 
cryptosystem DSA. 

In order to reduce risk, agencies can agree to 
interchange agreements and PKI agreements to assign risk 
and responsibility for electronic contracting on the 
Internet. By documenting the process and assigning 
responsibility, both parties will have a clearer 
understanding when a contract has formed and what each 
party must do in order to atseharas their contractual 


responsibilities. 
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a) Interchange Agreements 


The concerns of any users of an electronic 
trading arrangement will be to ensure that the messages 
transmitted are genuine, that there has been no subsequent 
modification after transmission, that the contents of the 
messages have not been disclosed to third parties, that the 
messages are not accidentally repeated, that they are not 
lost within the system, that there is no unanticipated 
delay in the recipient receiving an uncorrupted message and 
that any legal relationship which the messages themselves 
attempt to establish is enforceable. 

An Interchange Agreement allows participants to 
set out identification controls and methods of verifying, 
authenticating and attributing messages. It provides a 
framework for dealing with other issues such as at what 
stage in the transmission procedure the message is legally 
received by the recipient or who or what agent has what 
‘level of what kind of authority. 

An Interchange Agreement can stipulate that in 
case of disputes, no party is entitled to raise a question 
of the validity of an EDI contract because they exchanged 


the material electronically. 
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An Interchange Agreement can provide that the 
parties each agree that computer generated records will be 
admissible in court if both parties maintain an agreed 
level of security and administrative control over their 
computer systems. 

An Interchange Agreement allows participants the 
opportunity to address the contractual trading arrangements 
that they can establish pursuant to the messages 
transmitted. 

Anticipating that some messages will be delivered 
in a garbled or unreadable fashion, a Interchange Agreement 
can contain a provision that imposes an obligation to 
provide verification of receipt. Effective verification 
practices as a normal course of business routine ree 
the opportunity for the early detection and resolution of 
transmission errors. This reduces the possibility of 
misunderstanding or lack of performance issues. 

An Interchange Agreement affords the opportunity 
for the parties to agree which of them carries risk for 
error in the transmission of data, a corruption of the data 
on its passage through the network or the risk of the 


network crashing after transmission. 
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The American Bar Association has a Model 
Agreement that is both thorough and reflective of the 
commercial marketplace. In keeping with the original intent 
of the thesis, anytime a commercial alternative is 
available, agencies should use the alternative rather than 
developing their own standards unless it makes no financial 


or security sense. 


b) PKI and CAs 


PKI relies heavily on third party CA to ensure 
that participant identity and public keys are linked 
correctly. A Certificate Policy for CAs (Appendix) is 
necessary in establishing certificate policies suitable for 
electronic transactions. The Model Certificate Policy 
covers both Government and private CAs. The Model 
Certificate Policy assumes that the CA is using its own 
self-signed root key. 

By establishing a certificate policy, an Agency 
can specify its requirements for the level of assurance 
necessary for certificates that they will use. 

Certificate policies can also constitute a basis 
for approval of CAs. Approval may be determined through 


compliance with a particular certificate policy. A 
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certificate policy can be used to promote interoperability 
between CAs operated by different organizations and to 
facilitate the automated acceptance of certificates by 
relying parties. 

This helps to prevent a relying party from using 
a certificate for a purpose other than that intended. This 
also prevents a signer from repudiating a signature on the 
‘basis they did not intend the signature to be used for that 
purpose. 

From the CAs perspective, the ability to issue 
certificates that assert compliance with a particular 
certificate policy may have benefits as the CA tries to 
build a business base. 

Being obligated to the terms of a certificate 
policy may expose the CA to additional liability. Issues of 
CA liability are discussed in chapter VII. 

For relying parties, the Model Policy allows some 
parties to rely on the legal benefits of the certificate 
policy. However, the exact parameters of that 
classification are open and subject to further discussion. 

It seems doubtful that a certificate policy can 
specify the rights and obligations of subscribers unless 


there is a contract by which the parties so agree. The 
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Model Policy requires the CA to sign an enforceable 
contract with the subscriber to define each others rights 
and obligations. 

The Model Certificate Policy is technologically 
neutral so that many certification authorities operating 
under a variety of different CPSs can adopt it. The current 
draft of the Model Certificate Policy does not cover cross 
certification of other CAs. Certificates issued under the 
Model Policy are suitable for applications requiring a 


medium level of assurance. 


B. RECOMMENDATIONS 


It is recommended that Federal Agencies use the 
Internet to transact electronic contracts. Agencies must 
prepare and document their computer systems in order to 
meet the current laws of evidence and they must secure the 
messages cryptologically. Agencies should implement 
interchange agreements and PKI agreements the pre approve 
business operating procedures in order to minimize risk and 


misunderstanding in the electronic environment. 


C. AREAS FOR FURTHER RESEARCH 


There are a number of areas of research that would 


benefit Agencies looking to implement electronic 
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contracting on the Internet. The areas are Federal rules of 
evidence, cryptology and FIPS, and state and commercial 
activity and a business case analysis for electronic 
contracting. 


i Federal Rules of Evidence 


There is any number of Federal rules of evidence that 
would control the issues of electronic contracting in a 
court of law. A thorough review of the rules and their 
application in the electronic environment would reduce the 
risk for an Agency looking to implement’ electronic 
contracting on the Internet. 


Z's Cryptology and FIPS 


Any number of cryptological approaches could be used 
to secure messages across the open architecture of the 
Internet. Federal Agencies are limited to the use of 
approved FIPS procedures. A case can be made that FIPS are 
not always the best standards and that the Agency 
responsible for developing FIPS may be limited in what they 
can provide to other Agencies. Agencies would benefit from 
a disinterest third party review of the FIPS standards 


versus commercial products available in the marketplace. 
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Sa State and Commercial Activity 


State legislatures and. the U.C.C. are both hard at 
work implementing policy and procedures for conducting 
business on the Internet. These policies and procedures 
will have an enormous impact on the Federal process. An 
Agency would be well served being kept up-to-date with a 
survey of the latest developments. 


4. Business Case Analysis 


There is any number of costs associated with 
implementing an electronic contracting system on _ the 
Internet. There are many Agencies with many different 
computing systems and many different needs for contracting 
capability. An Agency would be well served with a thorough 
business case analysis of the costs involved with 
implementing electronic contracting on the Internet to 
allow the Agency to properly staff and resource the 


endeavor. 
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APPENDIX 


Government Information Technology Services 
Federal PKI Task Force 
Business and Legal Work Group 
MODEL CERTIFICATE POLICY 


1. INTRODUCTION 
1.1 Overview 
1.2 Policy Identification 
1.3 Community & Applicability 
1.3.1 Certification Authorities (CAs) 


1.3.1.1 CAs Authorized to Issue Certificates Under This Policy 
1.3.2 Registration Authorities and Certificate Manufacturing Authorities 


1.3.3 Repositories 
1.3.4 Subscribers 
1.3.5 Relying Parties 
1.3.6 Applicability 
1.3.6.1 Suitable Applications 
1.4 Contact Details 


2. GENERAL PROVISIONS 
2.1 Obligations 
2.1.1 CA Obligations 
2.1.1.1 Representations by CA 
2.1.2 RA And CMA Obligations 
2.1.3 Repository Obligations 
2.1.4 Subscriber Obligations 
2.1.5 Relving Party Obligations 
2.2 Liability | 
2.3 Financial Responsibility 
2.4 Interpretation & Enforcement 
2.4.1 Governing law 
2.4.2 Dispute Resolution Procedures 
2.5 Fees 
2.6 Publication & Repositories 
2.6.1 Publication of CA Information 
2.6.2 Frequency of Publication 
2.6.3 Access Controls 
2.7 Compliance Audit 
2.8 Confidentiality Policy 


3. IDENTIFICATION AND AUTHENTICATION 
3.1 Initial Registration 

3.1.1 Types of Names 
3.1.2 Name Meanings 
3.1.3. Rules For Interpreting Various Name Forms 
3.1.4 Name Uniqueness 
3.1.5 Verification of Key Pair 
3.1.6 Authentication of Organizations 
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3.1.7. Authentication of Individual - No Affiliation 
3.1.8 Authentication of Individual - Affiliated Certificate 
3.1.8.1 Identification 
3.1.8.2 Authentication Confirmation Procedure 
3.1.8.3 Personal Presence 
3.1.8.4 Duties of Responsible Individuals 
3.2 Renewal Applications (Routine Rekey) 
3.3 Rekey After Revocation 
3.4 Revocation Request 


4. OPERATIONAL REQUIREMENTS 
4.1 Certificate Application 
4.2 Certificate Issuance 
4.3 Certificate Acceptance 
44 Certificate Revocation 
4.4.1 Circumstances for Revocation 
4.4.1.1 Permissive Revocation 
4.4.1.2 Required Revocation 
4.4.2 Who can Request Revocation 
4.4.3. Procedure For Revocation Request 
4.4.3.1 Repository/CRL Update 
4.4.4 Revocation Request Grace Period 
4.4.5 Certificate Suspension 
4.4.6 CRL Issuance Frequency 
4.4.7 On-Line Revocation/Status Checking Availability 
4.5 Computer Security Audit Procedures 
4.6 Records Archival 
4.6.1 Types of Records Archived 
4.6.2 Retention Period For Archive 
4.6.3 Protection Of Archive 
4.6.4 Archive Backup Procedures 
4.6.5 Archive Collection System (Internal or External) 
4.6.6 Procedures To Obtain And Verify Archive Information 
4.7 Key Changeover 
4.8 Compromise And Disaster Recovery 
4.8.1 Disaster Recovery Plan 
4.8.2 Key Compromise Plan 
4.9 CA Termination 
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PHYSICAL, PROCEDURAL AND PERSONNEL SECURITY CONTROLS 34 
5.1 Physical Security -- Access Controls 
5.2 Procedural Controls 
5.2.1 Trusted Roles 
5.2.2 Multiple Roles (Number Of Persons Required Per Task) 
5.3 Personal Security Controls 
5.3.1 Background And Qualifications 
5.3.2 Background Investigation 
5.3.3 Training Requirements 
5.3.4 Documentation Supplied To Personnel 


6. TECHNICAL SECURITY CONTROLS 


6.1 Key Pair Generation And Installation 
6.1.1 Key Pair Generation 
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6.1.2 Private Key Delivery To Entity 
6.1.3. Subscriber Public Key Delivery To CA 
6.1.4 CA Public Key Delivery To Users 
6.1.5 Key Sizes 
6.2 CA Private Key Protection 
6.2.1 Standards For Cryptographic Module 
6.2.2 Private Key (N-M) Multi-Person Control 
6.2.3 Private Key Escrow 
6.2.4 Private Key Backup 
6.2.5 Private Key Archival 
6.2.6 Private Key Entry Into Cryptographic Module 
6.2.7 Method of Activating Private Key 
6.2.8 Method of Deactivating Private Key 
6.2.9 Method of Destroying Private Key 
6.3 Other Aspects of Key Pair Management 
6.3.1 Public Key Archival 
6.3.2 Key Replacement 
6.3.3. Restrictions on CA's Private Key Use 
6.4 Activation Data 
6.5 Computer Security Controls 
6.6 Life Cycle Technical Controls 
6.6.1 Sytem Development Controls 
6.6.2 Security Management Controls 
6.7 Network Security Controls 
6.8 Cryptographic Module Engineering Controls 


7. CERTIFICATE AND CRL PROFILES 
7.1 Certificate Profile 
7.2 CRL Profile 


8. POLICY ADMINISTRATION 
8.1 Policy Change Procedures 
8.1.1 List Of Items 
8.1.2 Comment Period 
8.2 Publication & Notification Procedures 
9. DEFINITIONS 


MODEL CERTIFICATE POLICY 
1. INTRODUCTION 


1.1 Overview 
This Certificate Policy ("Policy") specifies minimum requirements for the issuance and 
management of certificates that may be used in verifying digital signatures on the categories of electronic 
communications specified as suitable applications in Section 1.3.6 of this Policy. 
1.2 Policy Identification 


This Policy [is registered with and] has been assigned an object identifier (OID) of 





1.3. Community & Applicability 
1.3.1 Certification Authorities (CAs) 
This Policy is binding on each Authorized CA that issues certificates that identify this 
Policy, and governs its performance with respect to all certificates it issues that reference this Policy. 
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Specific practices and procedures by which the CA implements the requirements of this Policy shall be set 
forth by the CA in a certification practice statement ("CPS") or other publicly available document, or by 
contract [with all Qualified Relying Parties]. 
1.3.1.1 CAs Authorized to Issue Certificates under this Policy 

[Alternate 1} Any CA may issue certificates that identify this Policy provided that such 
CA agrees to be bound by, and complies with, the undertakings and representations of this Policy with 
respect to such certificates. Issuance of a certificate that references this Policy shall constitute agreement by 
the issuing CA to be bound by the terms of this Policy for all certificates that reference this Policy. 

[Alternate 2} A CA may issue certificates that identify this Policy only if such CA first 
qualifies as an Authorized CA by: 

(a) entering into an agreement with {the Policy Administering Organization], for the benefit of all 
Qualified Relying Parties, to be bound by, and comply with, the undertakings and representations of this 
Policy, with respect to the class of certificates that are issued with reference to this Policy, and 

(b) being approved by [the Policy Administering Organization], following successful completion of 
the compliance audit specified in Section 2.7, a review of 
its CPS, and satisfaction of [other applicable requirements]. 

1.3.2 Registration Authorities and Certificate Manufacturing Authorities 
See Section 2.1.2. 
1.3.3 Repositories 
See Section 2.1.2. 
1.3.4 Subscribers 
A CA may issue certificates that reference this Policy to the following classes of 
subscribers: 
individuals (unaffiliated) 
individuals associated with a sponsor recognized by the CA ("affiliated individuals"), provided the 
sponsor is the subscriber of a valid certificate issued 
by the CA in accordance with this Policy. 
organizations that qualify as legal entities 
Government agencies 
1.3.5 Relying Parties 
This Policy is intended for the benefit of the following persons who may rely on certificates 
issued to others that reference this Policy ("Qualified Relying Parties"): 
Federal Government agencies that specify this Policy by regulation 
State Government agencies that specify this Policy by regulation 
Businesses that _ [contractually agree to this Policy with the Policy Administering 
Organization/with the CA]___ 
Individuals that 
1.3.6 Applicability 
1.3.6.1 Suitable Applications 
In determining the categories of transactions for which certificates issued under 
this Policy may be used, Federal agencies need to evaluate the relative sensitivity of applications for which 
they intend to send and receive digitally signed messages, bearing in mind the provisions of the Computer 
Security Act and applicable regulations relating thereto. This section should specify the categories of 
transactions for which certificates issued under this Policy are considered appropriate. The inclusion of 
such categories should be based on a qualitative risk analysis whereby agencies should determine the level 
of identity binding they require for their applications. See Section 3. In making such determinations, 
agencies should consider the need for low value v. high value certificates, whether applications are critical 
or non-critical, etc. 
1.4 Contact Details 
This Policy is administered by ("Policy Administering Organization"): 
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Attn: 


Phone number: 
E-mail address: 


2. GENERAL PROVISIONS 
2.1 Obligations 
2.1.1 CA Obligations 
The CA is responsible for all aspects of the issuance and management of a certificate, 
including contro] over the application/enrollment process, the identification and authentication process, the 
actual certificate manufacturing process, publication of the certificate, suspension and revocation of the 
certificate, and renewal of the certificate, and for ensuring that all aspects of the CA Services and CA 
operations and infrastructure related to certificates issued under this Policy are performed in accordance 
with the requirements, representations, and warranties of this Policy. 
2.1.1.1 Representations By CA 
By issuing a certificate that references this Policy, the CA certifies to the 
subscriber, and to all Qualified Relying Parties who reasonably and in good faith rely on the information 
contained in the certificate during its operational period and in accordance with this Policy, has taken 
reasonable steps to verify additional information in the certificate unless otherwise noted in its CPS that: 
The CA has issued, and will manage, the certificate in accordance with this Policy 
The CA has complied with the requirements of this Policy and its applicable CPS when 
authenticating the subscriber and issuing the certificate 
There are no misrepresentations of fact in the certificate known to the CA, and the CA has taken 
reasonable steps to verify additional information in the certificate unless otherwise noted in its CPS 
Information provided by the subscriber in the certificate application for inclusion in the certificate 
has been accurately transcribed to the certificate 
The certificate meets all material requirements of this Policy and the CA’s CPS 
2.1.2 RA and CMA Obligations 
The CA shall be responsible for performing all identification and authentication functions and 
all certificate manufacturing and issuing functions. However, the CA may [delegate/subcontract] 
performance of these obligations to an identified registration authority ("RA") and/or certificate 
manufacturing authority ("CMA") provided that the CA remains primarily responsible for the performance 
of those services by such third parties in a manner consistent with the requirements of this Policy. 
2.1.3. Repository Obligations 
The CA shall be responsible for providing a repository and performing all associated functions. 
However, the CA may [delegate/subcontract] performance of this obligation to an identified repository 
services provider ("RSP"), provided that the CA remains primarily responsible for performance of those 
services by such third party in a manner consistent with the requirements of this Policy. 
2.1.4 Subscriber Obligations 
In all cases, the CA shall require the subscriber to enter into an enforceable contractual 
commitment [for the benefit of Qualified Relying Parties] obligating the subscriber to: 
generate a key pair using a trustworthy system, and take reasonable precautions to prevent any loss, 
disclosure, or unauthorized use of the private key 
acknowledge that by accepting the certificate the subscriber is warranting that all information and 
representations made by the subscriber that are included in the certificate are true 
use the certificate exclusively for authorized and legal purposes, consistent with this Policy 
instruct the CA to revoke the certificate promptly upon any actual or suspected loss, disclosure, or 
other compromise of the subscribers private key 
2.1.5 Relying Party Obligations 
A Qualified Relying Party has a right to rely on a certificate that references this Policy only if 
the certificate was used and relied upon for lawful purposes and under circumstances where: 
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the reliance was reasonable and in good faith in light of all the circumstances know to the relying 
party at the time of reliance 
the purpose for which the certificate was used was appropriate under this Policy 
the relying party checked the status of the certificate prior to reliance, or a check of the certificate’s 
status would have indicated that the certificate was valid 
2.2 Liability 
A CA is responsible to Qualified Relying Parties for direct damages suffered by such relying parties 
that are caused by the failure of the CA to comply with the terms of this Policy, and sustained by such 
relying parties as a result of reliance on a certificate in accordance with this Policy, but only to the extent 
that the damages result from the use of certificates for a suitable applications listed in Section 1.3.6. 
[Except as expressly provided in this Policy and in its CPS, CA disclaims all other warranties and 
obligations of any type, including any warranty of merchantability, any warranty of fitness for a particular 
purpose, and any warranty of accuracy of information provided. ] 
[The liability of a CA under this Policy shall be limited to direct damages, and shall not exceed 
.CA shall have no liability for consequential damages]. 
2.3 Financial Responsibility 
No stipulation. 
2.4 Interpretation & Enforcement 
2.4.1 Governing Law 
The enforceability, construction, interpretation, and validity of this Policy shall be governed 
by the laws of the United States and the State of 
2.4.2 Dispute Resolution Procedures 
No stipulation 
2.) Fees 
CA shall not impose any fees on the reading of this Policy or its CPS. CA may charge access fees 
on certificates, certificate status information, or CRLs, subject to agreement between the CA and 
subscriber, and in accordance with a fee schedule published by the CA in its CPS or otherwise. 
2.6 Publication & Repositories 
2.6.1 Publication Of CA Information 
Each Authorized CA shall operate a secure on-line repository that is available to Qualified 
Relying Parties and that contains (1) issued certificates that reference this Policy, (2) a Certificate 
Revocation List ("CRL") or on-line certificate status database, (3) the CA’s certificate for its signing key, 
(4) past and current versions of the CA’s CPS, (5) a copy of this Policy, and (6) other relevant information 
relating to certificates that reference this Policy. 
2.6.2 Frequency of Publication 
All information to be published in the repository shall be published promptly after such 
information is available to the CA. Certificates issued by the CA that reference this Policy will be 
published promptly upon acceptance of such certificate by the subscriber. Information relating to the 
revocation of a certificate will be published in accordance with section 4.4.3. 
2.6.3 Access Controls 
The repository will be available to Qualified Relying Parties [and subscribers] on a 
substantially 24 hours per day, 7 days per week basis, subject to reasonable scheduled maintenance and the 
CA’s then current terms of access. CA shall not impose any access controls on this Policy, the CA’s 
certificate for its signing key, and past and current versions of the CA’s CPS. CA may impose access 
controls on certificates, certificate status information, or CRLs at its discretion, subject to agreement 
between the CA and subscriber, in accordance with provisions published in its CPS or otherwise. 
2.7 Compliance Audit 
Before initial approval as an Authorized CA, and thereafter at least once every year, the CA (and 
each RA, CMA, and RSP, as applicable) shall submit to a compliance audit by an independent nationally 
recognized security audit firm [approved by | that is qualified to perform a security audit 
on a CA and that has significant experience in the application of PKI and cryptographic technologies. The 
purpose of such audit shall be to verify that the CA has in place a system to assure the quality of the CA 
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Services that it provides, that complies with all of the requirements of this Policy and its CPS, and that its 
CPS is consistent with the requirements of this Policy. 
2.8 Confidentiality Policy 

Information regarding subscribers that is submitted on applications for certificates will be kept 
confidential by CA and shall not be released without the prior consent of the subscriber, unless otherwise 
required by law. The foregoing shall not apply, however, to information appearing on certificates, or to 
information regarding subscribers that is obtained by CA from public sources. Under no circumstances 
shall CA (or any RA, RSP, CMA) have access to the private keys of any subscriber to whom it issues a 
certificate that references this Policy. 


3. IDENTIFICATION AND AUTHENTICATION 
3.1 Initial Registration 
Subject to the requirements noted below, Certificate applications may be communicated from the 
applicant to the CA or an RA, (and authorizations to issue certificates may be communicated from an RA to 
the CA), (1) electronically via E-mail or a web site, provided that all communication is secure, such as (1) 
by using SSL or a similar security protocol, (2) by first class U.S. mail, or (3) in person. 
3.1.1 Types of Names 
The subject name used for certificate applicants shall be [the X.509 Distinguished Name]. 
3.1.2 Name Meanings 
The subject name listed in a certificate must have a reasonable association with the 
authenticated name of the subscriber. In the case of individuals 
this should be a combination of first name and/or initials and surname. In the case of an organization the 
name should reflect the legal name of the organization and/or 
unit. 
3.1.3 Rules For Interpreting Various Name Forms 
No stipulation. 
3.1.4 Name Uniqueness 
The subject name listed in a certificate shall be unambiguous and unique for all 
certificates issued by the CA. [and conform to X.500 standards for name uniqueness]. If necessary, 
additional numbers or letters may be appended to the real name to ensure the name's uniqueness within the 
domain of certificates issued by the CA. 
3.1.5 Verification of Key Pair 
The CA shall establish that the applicant is in possession of the private key corresponding 
to the public key submitted with the application [in accordance with an appropriate secure protocol, such as 
that described in the IETF PKIX Certificate Management Protocol or through other means]. 
3.1.6 Authentication of Organization 
When a CA receives a certificate application from an organization, it shall conduct an 
independent investigation in order to determine whether: 

The organization exists and conducts business at the address listed in the certificate application. The 
certificate application was signed by a signatory who was a duly authorized reprentative of the organization 
named therein. The information contained in the certificate application is correct. 

In conducting its review and investigation, the CA shall review official Government records and/or 
engage the services of a reputable third party vendor of business information to provide validation 
information conceming each organization applying for a certificate, including legal company name, type of 
entity, year of formation, names of directors and officers, address, telephone number, and good standing in 
the jurisdiction where the applicant is incorporated or otherwise organized. 

3.1.7. Authentication of Individual -- No Affiliation 
In determining the form and type of authentication required for certificates issued pursuant 
to this Policy, Federal agencies should evaluate the relative sensitivity of applications for which they intend 
to send and receive digitally signed messages. Based on such evaluation, it may be appropriate to authorize 
on-line identity verification (such as proposed in the ACES program), while in other cases, it may be 
appropriate to require applicants to personally present themselves, or to provide notarized copies of identity 
papers. 
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3.1.8 Authentication of Individual — Affiliated Certificate 
3.1.8.1 Identification 
The CA may establish a trustworthy procedure whereby a sponsoring organization 
that has been authenticated by the CA and issued a certificate may designate one or more Responsible 
Individuals, and authorize them to represent the sponsoring organization in connection with the issuance 
and revocation of certificates for affiliated individuals. The CA may rely on a designated Responsible 
Individual appointed by the sponsor to properly authenticate the 
individual applicant (provided that the CA has previously authenticated the sponsor as an organization and 
the Responsible Individual as an unaffiliated individual, in accordance with this Policy). In the absence of 
the foregoing procedure, affiliated individuals shall be authenticated in the same manner as unaffiliated 
individuals. 
3.1.8.2 Authentication Confirmation Procedure 
Authentication of the individual will be confirmed through the use of a shared 
secret [such as a PIN number] that is distributed via a trustworthy out of band communication to the 
applicant (either directly or via the sponsor) and included in the application process as part of the certificate 
enrollment process. 
3.1.8.3 Personal Presence 
Applicants that are affiliated with [an Approved] sponsor can be authenticated 
through an electronically submitted application, based on an appropriate agreement with the sponsor, the 
approval of a designated Responsible Individual, and the distribution of PIN numbers or a similar security 
device. 
3.1.8.4 Duties of Responsible Individuals 
The Responsible Individual represents the sponsoring organization with respect to 
the issuance and management of certificates. In that capacity he or she is responsible for properly indicating 
which subscribers are to receive certificates. 
3.2 Renewal Applications (Routine Rekey) 

Within months prior to the scheduled expiration of the operational period of a certificate 
issued following authentication under this Policy, a subscriber may request issuance of a new certificate for 
a new key pair from the CA that issued the original certificate, provided the original certificate has not been 
suspended or revoked. Such a request may be made electronically via a digitally signed message based on 
the old key pair in the original certificate. 

3.3 Rekey After Revocation 

Revoked or expired certificates shall not be renewed. Applicants without a valid certificate from the 
CA that reference this Policy shall be re-authenticated by the CA or RA on certificate application, just as 
with a first-time application. 

3.4 Revocation Request 

A revocation request that is submitted electronically may be authenticated on the basis of a digital 
signature using the old key pair. The identity of a person submitting a revocation request in any other 
manner shall be authenticated [in accordance with Section _]. Revocation requests authenticated on the 
basis of the old (compromised) key pair shall always be accepted as valid. Other revocation request 
authentication mechanisms may be used as well. These authentication 
mechanisms must balance the need to prevent unauthorized revocation requests against the need to quickly 
revoke certificates. 


4. OPERATIONAL REQUIREMENTS 
4.1 Certificate Application 
An applicant for a certificate shall complete a certificate application in a form prescribed by the 
CA and enter into a subscriber agreement with the CA. All applications are subject to review, approval and 
acceptance by CA. The certificate application process may be initiated by the following persons: 


Potential Subscriber Authorized Initiator 
Individual (unaffiliated) Potential subscriber only 
Individual affiliated with a sponsor Potential subscriber or duly authorized 


representative of sponsor 
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Organization Duly authorized representative of 
potential subscriber only 
42 Certificate Issuance 
Upon successful completion of the subscriber identification and authentication process in 
accordance with this Policy, and complete and final approval of the certificate application, the CA shall 
issue the requested certificate, notify the applicant thereof, and make the certificate available to the 
applicant pursuant to a procedure whereby the certificate is initially delivered to, or available for pickup by, 
the subscriber only. A CA will not issue a certificate without the consent of the applicant and, if applicable, 
the applicant's sponsor. 
4.3 Certificate Acceptance 
Following issuance of a certificate, the CA shall contractually require the subscriber to expressly 
indicate acceptance or rejection of the certificate to the CA, in accordance with procedures established by 
the CA and specified in the CPS. 
44 Certificate Revocation 
4.4.1 Circumstances For Revocation 
4.4.1.1 Permissive Revocation 
A subscriber may request revocation of his, her, or its certificate at any time for 
any reason. A sponsoring organization (where applicable) may request revocation of the certificate of any 
affiliated individual at any time for any reason. [The issuing CA may also revoke a certificate upon failure 
of the subscriber (or the sponsoring organization, where applicable) to meet its obligations under this 
Certificate Policy, the applicable CPS, or any other agreement, regulation, or law applicable to the 
certificate that may be in force.] 
4.4.1.2 Required Revocation 
A subscriber, or a sponsoring organization (where applicable) shall promptly 
request revocation of a certificate: 
whenever any of the information on the certificate changes or becomes obsolete 
whenever the private key, or the media holding the private key, associated with the certificate is, or is 
suspected of having been, compromised 
whenever an affiliated individual is no longer affiliated with the sponsor 
The issuing CA shall revoke a certificate: 
upon request of the subscriber or sponsoring organization 
[upon failure of the subscriber (or the sponsoring organization, where applicable) to meet its material 
obligations under this Certificate Policy, any applicable CPS, or any other agreement, regulation, or law 
applicable to the certificate that may be in force.] 
if knowledge or reasonable suspicion of compromise is obtained 
if the CA determines that the certificate was not properly issued in accordance with this Policy and/or 
any applicable CPS 
In the event that the CA ceases operations, all certificates issued by the CA shall be revoked prior to the 
date that the CA ceases operations. 
4.4.2 Who Can Request Revocation 
The only persons permitted to request revocation of a certificate issued pursuant to this 
Policy are the subscriber, the sponsoring organization (where applicable), and the issuing CA. 
4.4.3 Procedure For Revocation Request 
A certificate revocation request should be promptly communicated to the issuing CA, either 
directly or through an RA. A certificate revocation request may be communicated electronically if it is 
digitally signed with the private key of the subscriber, or the sponsoring organization (where applicable). 
Alternatively the subscriber, or sponsoring organization (where applicable), may request revocation by 
contacting the CA or an authorized RA in person and 
providing adequate proof of identification in accordance with this Policy. 
4.4.3.1 Repository/CRL Update 


15 / 








Promptly following revocation, the CRL or certificate status database in the 
repository, as applicable, shall be updated. All revocation requests and the resulting actions taken by the 
CA shall be archived. 

4.4.4 Revocation Request Grace Period 
Requests for revocation shall be processed within _(__) hours/working days of receipt by 
the CA. 
4.4.5 Certificate Suspension 
The procedures and requirements stated for certificate revocation must also be followed for 
certificate suspension where implemented. 
4.4.6 CRL Issuance Frequency 
When CRLs are used, an up-to-date CRL shall be issued at leastevery _ hours. 
4.4.7 On-Line Revocation/Status Checking Aavailability 
Whenever an on-line certificate status database is used as an alternative to a CRL, such 
database shall be updated no later than __ hours after revocation. 
4.5 Computer Security Audit Procedures 
All significant security events on the CA system should be automatically recorded in audit trail 
files. The audit log shall be processed at least once a week. Such files shall be retained for at least six (6) 
months onsite, and thereafter shall be securely archived as per Section 4.6. 
4.6 Records Archival 
4.6.1 Types Of Records Archived 
The following data and files must be archived by [or on behalf of] the CA: 
All computer security audit data 
All certificate application data 
All certificates, and all CRLs or certificate status records generated 
Key histories 
All correspondence between the CA and RAs, CMAs, RSPs, and/or subscribers 
4.6.2 Retention Period For Archive 
Archive of the key and certificate information must be retained for at least 30 years. 
Archives of the audit trail files must be retained for at least six (6) months. 
4.6.3 Protection Of Archive 
The archive media must be protected either by physical security alone, or a combination of 
physical security and cryptographic protection. This protection must be to at least the level required of the 
. It should also be provided adequate protection from environmental threats such as temperature, 
humidity and magnetism. 
4.6.4 Archive Backup Procedures 
Adequate backup procedures must be in place so that in the event of the loss or destruction 
of the primary archives, a complete set of backup copies will be readily available within a short period of 
time. 
4.6.5 Archive Collection System (Interna! Or External) 
No stipulation. 
4.6.6 Procedures To Obtain And Verify Archive Information 
During the compliance audit required by this Policy, the auditor shall verify the integrity of 
the archives and if either copy is found to be corrupted or damaged in any way it shall be replaced with the 
other copy held in the separate location. 
4.7 Key Changover 
No stipulation. 
4.8 Compromise And Disaster Recovery 
4.8.1. Disaster Recovery Plan 
The CA must have in place an appropriate disaster recovery/business resumption plan and 
must set up and render operational a facility located in a geographic diverse area that is capable of 
providing CA Services in accordance with this Policy within hours of an unanticipated emergency. 
Such plan shall include a complete and periodic test of readiness for such facility. Such plan shall be 
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[detailed/referenced] within the CPS or other appropriate documentation available to Qualified Relying 
Parties. 
4.8.2 Key Compromise Plan 
The CA must have in place an appropriate key compromise plan that addresses the 
procedures that will be followed in the event of a compromise of the private signing key used by the CA to 
issue certificates, or used by any higher level CA. Such plan shall include procedures for revoking all 
affected certificates and promptly notifying all subscribers and all Qualified Relying Parties. 
4.9 CA Termination 

In the event that the CA ceases operation, all subscribers, sponsoring organizations, RAs, CMAs, 
RSPs, and Qualified Relying Parties will be promptly notified of the termination. In addition, all CAs with 
which cross-certification agreements are current at the time of cessation will be promptly informed of the 
termination. All certificates issued by the CA that reference this Policy will be revoked no later than the 
time of termination. 


5. PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS 
5.1 Physical Security -- Access Controls 
The CA, and all RAs, CMAs and RSPs, shall implement appropriate physical security controls to 
restrict access to the hardware and software (including the server, workstations, and any external 
cryptographic hardware modules or tokens) used in connection with providing CA Services. Access to such 
hardware and software shall be limited to those personnel performing in a Trusted Role as described in 
Section 5.2.1. Access shall be controlled through the use of: electronic access controls, mechanical 
combination locksets, or deadbolts. Such access controls must be manually or electronically monitored for 
unauthorized intrusion at all times. 
5.2 Procedural Controls 
5.2.1 Trusted Roles 
All employees, contractors, and consultants of CA (collectively "personnel") that have 
access to or control over cryptographic operations that may materially affect the CA's issuance, use, 
suspension, or revocation of certificates, including access to restricted operations of the CA's repository, 
shall, for purposes of this Policy, be considered as serving in a trusted role. Such personnel include, but are 
not limited to, system administration personnel, operators, engineering personnel, and executives who are 
designated to oversee the CA's operations. 
5.2.2 Multiple Roles (Number Of Persons Required Per Task) 
To ensure that one person acting alone cannot circumvent safeguards, responsibilities at 
a CA server should be shared by multiple roles and individuals. Each account on the CA server shall have 
limited capabilities commensurate with the role of the account holder. 
5.3. Personal Security Controls 
5.3.1 Background And Qualifications 
CAs, RAs, CMAs, and RSPs shall formulate and follow personnel and management 
policies sufficient to provide reasonable assurance of the trustworthiness and competence of their 
employees and of the satisfactory performance of their duties in manner consistent with this Policy. 
5.3.2 Background Investigation 
CAs shall conduct an appropriate investigation of all personnel who serve in trusted roles 
(prior to their employment and periodically thereafter as necessary), to verify their trustworthiness and 
competence in accordance with the requirements of this Policy and CA’s personnel practices or equivalent. 
All personnel who fail an initial or periodic investigation shall not serve or continue to serve in a trusted 
role. 
5.3.3. Training Requirements 
All CA, RA, CMA, and RSP personnel must receive proper training in order to perform 
their duties, and update briefings thereafter as necessary toremain current. 
5.3.4 Documentation Supplied To Personnel 
All CA, RA, CMA, and RSP personnel must ee eee user manuals detailing the 
procedures for certificate creation, update, renewal, suspension, and revocation, and software functionality. 
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6. TECHNICAL SECURITY CONTROLS 
6.1 Key Pair Generation And Installation 
6.1.1 Key Pair Generation 
Key pairs for CAs, CMAs, RAs, RSPs, and subscribers must be generated in such a way 
that the private key is not known by other than the authorized user of the key pair. Acceptable ways of 
accomplishing this include: 
Having all users (CAs, CMAs, RAs, RSPs, and subscribers) generate their own keys on a trustworthy 
system, and not reveal the private keys to anyone else 
Having keys generated in hardware tokens from which the private key cannot be extracted. 
CA, RA, and CMA keys must be generated in hardware tokens. Key pairs for RSPs, and end-entities can be 
generated in either hardware or software. 
6.1.2 Private Key Delivery To Entity 
See Section 6.1.1. 
6.1.3 Subscriber Public Key Delivery To CA 
The subscriber’s public key must be transferred to the RA or CA in a way that ensures that 
(1) it has not been changed during transit; (2) the sender possesses the private key that corresponds to the 
transferred public key; and (3) the sender of the public key is the legitimate user claimed in the certificate 
application. 
6.1.4 CA Public Key Delivery To Users 
The public key of the CA signing key pair may be delivered to subscribers in an on-line 
transaction in accordance with IETF PKIX Part 3, or via another appropriate mechanism. 
6.1.5 Key Sizes 
[Federal agencies should: (1) define the acceptable algorithms (e.g., RSA signature, 
DSA,etc.; and (2) specify the minimum key sizes for: CA signing key and user signing key for each 
algorithm. ] 
6.2 CA Private Key Protection 
The CA (and the RA, CMA, and RSP) shall each protect its private key(s) in accordance with the 
provisions of this Policy. 
6.2.1 Standards For Cryptographic Module 
CA signing key generation, storage and signing operations shall be on a hardware 
cryptomodule rated at FIPS 140-1 Level 2 (or higher). Subscribers shall use FIPS 140-1 Level 1 approved 
cryptographic modules (or higher). 
6.2.2 Private Key (N-M) Multi-Person Control 
No stipulation. _ 
6.2.3 Private Key Escrow 
CA signing private keys shall not be escrowed. 
6.2.4 Private Key Backup 
An entity may optionally back up its own private key. 
6.2.5 Private Key Archival 
An entity may optionally archive its own private key. 
6.2.6 Private Key Entry Into Cryptographic Module 
No stipulation. 
6.2.7 Method Of Activating Private Key 
No stipulation. 
6.2.8 Method Of Deactivating Private Key 
No stipulation. 
6.2.9 Method Of Destroying Private Key 
Upon expiration or revocation of a certificate, or other termination of use of a private key for 
creating signatures, all copies of the private key shall be securely destroyed. 
6.3 Other Aspects Of Key Pair Management 
6.3.1 Public Key Archival 
No stipulation. 
6.3.2 Key Replacement 


160 





CA key pairs must be replaced at least every years. RA and subscriber key pairs must 
be replaced not less than every years and a new certificate issued. 
6.3.3. Restrictions On CA's Private Key Use 
The CA's signing key used for issuing certificates that conform to this Policy shall be used 
only for signing certificates and, optionally, CRLs. A private key used by an RA or RSP for purposes 
associated with its RA or RSP function shall not be used for any other purpose without the express 
permission of the CA. 

A private key held by a CMA and used for purposes of manufacturing certificates for the CA is 
considered the CA’s signing key, is held by the CMA as a fiduciary for the CA, and shall not be used for 
any reason without the express permission of the CA. Any other private key used by a CMA for purposes 
associated with its CMA function shall not be used for any other purpose without the express permission of 
the CA. 

6.4 Activation Data 

No stipulation. 
6.5 Computer Security Controls 
All CA servers must include the following functionality either provided by the operating system, or 
through a combination of operating system, PKI application, and physical safeguards: 


6.6 Life Cycle Technical Controls 
6.6.1 System Development Controls 
The system design and development shall be conducted using a methodology that 


6.6.2 Security Management Controls 
6.7 Network Security Controls 
The CA server and repository must be protected through application level (proxy) firewalls (or 
separate ports of a single firewall) configured to allow only the protocols and commands required for the 
CA’s services. 
6.8 Cryptographic Module Engineering Controls 
No stipulation. 


7. CERTIFICATE AND CRL PROFILES 
7.1 Certificate Profile 
Certificates that reference this Policy shall contain public keys used for authenticating the sender 
of an electronic message and verifying the integrity of such messages -- ie., public keys used for digital 
signature verification. 

All certificates that reference this Policy will be issued in the [X.509 version 3] format and will include a 
reference to the OID for this Policy within the appropriate field. The CPS shall identify the certificate 
extensions supported, and the level of support for those extension, [consistent with the profile developed by 
the FPKI-TWG]. . 

7.2 CRL Profile 
If utilized, CRLs will be issued in the [X.509 version 2] format. The CPS shall identify the CRL 
extensions supported and the level of support for these extensions. [consistent with the profile developed by 
the FPKI-TWG] 


8. POLICY ADMINISTRATION 
8.1 Policy Change Procedures 
8.1.1 List Of Items 
Notice of all proposed changes to this Policy under consideration by the Policy 
Administering Organization that may materially impact users of this Policy (other than editorial or 
typographical corrections, or changes to the contact details) will be provided to Authorized CAs, and will 
be posted on the World Wide Web site of the Policy Administering Organization. Authorized CAs shall 
post notice of such proposed changes in their repositories and shall advise their subscribers, in writing or by 
e-mail, of such proposed changes. 
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8.1.2 Comment Period 
Impacted users may file comments with the Policy Administering Organization within 45 
days of original notice. If the proposed change is modified 
as a result of such comments, a new notice of the modified proposed change shall be given. 
8.2 Publication & Notification Procedures 
A copy of this Certificate Policy is available in electronic form on the Internet at 
and via e-mail from . Authorized CAs shall post copies of this Policy in their 


repositories. 





9. DEFINITIONS 
Affiliated Individual. An affiliated individual is the subject of a certificate that is affiliated with a 


sponsor approved by the CA (such as an employee affiliated with an employer). Certificates issued to 
affiliated individuals are intended to be associated with the sponsor and the responsibility for authentication 
lies with the sponsor. 

Authorized CA. Means a certification authority that has been authorized by the Policy Administering 
Organization to issue certificates that reference this policy. 

CA. Certification Authority 

Certificate. A record that, at a minimum: (a) identifies the certification authority issuing it; (b) names 
or otherwise identifies its subscriber; (c) contains a public key that corresponds to a private key under the 
control of the subscriber; (d) identifies its operational period; and (e) contains a certificate serial number 
and is digitally signed by the certification authority issuing it. As used in this Policy, the term of 
"Certificate" refers to certificates that expressly reference this Policy in the "certificatePolicies” field of an 
X.509 v.3 certificate. 

CMA. See Certificate Manufacturing Authority 

Certificate Manufacturing Authority" (CMA). An entity that is responsible for the manufacturing and 
delivery of certificates signed by a certification authority, but is not responsible for identification and 
authentication of certificate subjects (ie., a CMA is delegated or outsourced the task of actually 
manufacturing the certificate on behalf of a CA). 

Certificate Revocation List (CRL). A time-stamped list of revoked certificates that has been digitally 
signed by a certification authority. 

Certification Authority. A certification authority is an entity that is responsible for authorizing and 
causing the issuance of a certificate. A certification authority can perform the functions of a registration 
authority (RA) and a certificate manufacturing authority (CMA), or it can delegate or outsource either of 
these functions to separate entities. 

A certification authority performs two essential functions. First, it is responsible for identifying and 
authenticating the intended subscriber to be name in a certificate, and verifying that such subscriber 
possesses the private key that corresponds to the public key that will be listed in the certificate. Second, the 
certification authority actually creates (or manufactures) and digitally signs the certificate. The certificate 
issued by the certification authority then represents that certification authority's statement as to the identity 
of the person named in the certificate and the binding of that person to a particular public-private key pair. 

Certification Practice Statement (CPS). A "certification practice statement” is a statement of the 
practices that a certification authority employs in issuing, suspending, and revoking certificates and 
providing access to same. 

CMA. See Certificate Manufacturing Authority. 

CPS. See Certificate Practices Statement. 

CRL. See Certificate Revocation List. 

FIPS. Federal Information Processing Standards. These are Federal standards that prescribe specific 
performance requirements, practices, formats, communications protocols, etc. for hardware, software, data, 
telecommunications operation, etc. Federal agencies are expected to apply these standards as specified 
unless a waiver has been granted in accordance to Agency waiver procedures. 

IETF. Internet Engineering Task Force. The Internet Engineering Task Force is a large open 
international community of network designers, operators, vendors, and researches concerned with the 
evolution of the Internet architecture and the smooth operation of the Internet. 
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Key pair. Means two mathematically related keys, having the properties that (i) one key can be used to 
encrypt a message that can only be decrypted using the other key, and (ii) even knowing one key, it is 
computationally infeasible to discover the other key. 

Registration Authority. An entity that is responsible for identification and authentication of certificate 
subjects, but that does not sign or issue certificates (i.e., an RA is delegated certain tasks on behalf of a 
CA). 

RA. See "Registration Authority." 

Object Identifier. An object identifier is a specially-formatted number that is registered with an 
internationally-recognized standards organization. 

OID. See Object Identifier. 

Operational Period Of A Certificate. The operational period of a certificate is the period of its validity. 
It would typically begin on the date the certificate is issued (or such later date as specified in the 
certificate), and ends on the date and time it expires as noted in the certificate or is earlier revoked or 
suspended. 

PIN. Personal Identification Number 

PKI. Public Key Infrastructure 

PKIX. An JETF Working Group developing technical specifications for a PKI components based on 
X.509 Version 3 certificates. 

Policy. Means this Certificate Policy. 

Policy Administering Organization. The entity specified in Section 1.4. 

Private Key. Means the key of a key pair used to create a digital signature. This key must be kept a 
secret. 

Public Key. Means the key of a key pair used to verify a digital signature. The public key is made 
freely available to anyone who will receive digitally signed messages from the holder of the key pair. The 
public key is usually provided via a certificate issued by a certification authority and is often obtained by 
accessing a repository. A public key is used to verify the digital signature of a message purportedly sent by 
the holder of the corresponding private key. 

RA. See Registration Authority. 

Registration Authority. An entity that is responsible for identification and authentication of certificate 
subjects, but that does not sign or issue certificates (i.e., an RA is delegated certain tasks on behalf of a 
CA). 

Relying Party. A recipient of a digitally signed message who relies on a certificate to verify the digital 
signature on the message. 

Repository. A trustworthy system for storing and retrieving certificates and other information relating 
to those certificates. 

Repository Services Provider (RSP). An entity that maintains a repository accessible to the public [or 
at least to relying parties] for purposes of obtaining copies of certificates and/or verifying the status of such 
certificates. 

Responsible Individual. A person designated by a sponsor to authenticate individual applicants 
seeking certificates on the basis of their affiliation with the sponsor. 

Revoke A Certificate. Means to prematurely end the operational period of a certificate from a 
specified time forward. | 

RSP. See Repository Services Provider. 

Sponsor. An organization with which a subscriber is affiliated (e.g., as an employee, user of a service, 
business partner customer etc.). 

Subject. A person whose public key is certified in a certificate. Also referred to as a "subscriber". 

Subscriber. A subscriber is a person who (1) is the subject named or identified in a certificate issued to 
such person and (2) holds a private key that corresponds to a public key listed in that certificate, and (3) the 
person to whom digitally signed messages verified by reference to such certificate are to be attributed. See 
"subject." 

Suspend a certificate. Means to temporarily suspend the operational period of a certificate for a 
specified time period or from a specified time forward. 
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Trustworthy System. Means computer hardware, software, and procedures that: (a) are reasonably 
secure from intrusion and misuse; (b) provide a reasonable level of availability, reliability, and correct 
operation; (c) are reasonably suited to performing their intended functions, and (d) adhere to generally 
accepted security procedures. 

Valid Certificate. Means a certificate that (1) a certification authority has issued, (2) the subscriber 
listed in it has accepted, (3) has not expired, and (4) has not been revoked. Thus, a certificate is not "valid" 
until it is both issued by a certification authority and has been accepted by the subscriber. 
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